Vulnerabilities > CVE-2021-33718 - Incorrect Authorization vulnerability in Siemens Mendix

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

siemens

CWE-863

NVD

Published: 2021-07-13

Updated: 2021-07-27

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Mendix *	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf