9.0.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

siemens

CWE-863

NVD

Published: 2021-07-13

Updated: 2021-07-27

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Mendix 7.0.0 Siemens Mendix 8.0.0 Siemens Mendix 9.0.0	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf