PT-2021-23471 · Mendix · Mendix Studio Pro+3

Published

2021-11-09

Updated

2021-11-12

CVE-2021-42015

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mendix Applications using Mendix 7 versions prior to 7.23.26 Mendix Applications using Mendix 8 versions prior to 8.18.12 Mendix Applications using Mendix 9 versions prior to 9.6.1

Description A vulnerability has been identified in Mendix Applications. Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.

Recommendations For Mendix 7 versions prior to 7.23.26, update to version 7.23.26 or later to resolve the issue. For Mendix 8 versions prior to 8.18.12, update to version 8.18.12 or later to resolve the issue. For Mendix 9 versions prior to 9.6.1, update to version 9.6.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-525

Related Identifiers

CVE-2021-42015

Affected Products

Mendix 7

Mendix 8

Mendix 9

Mendix Studio Pro

PT-2021-23471 · Mendix · Mendix Studio Pro+3

CVE-2021-42015

Weakness Enumeration

Related Identifiers

Affected Products

References · 4