PT-2021-23476 · Mendix · Mendix Studio Pro+1

Published

2021-11-09

Updated

2021-11-12

CVE-2021-42025

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Mendix Applications using Mendix 8 versions prior to 8.18.13 Mendix Applications using Mendix 9 versions prior to 9.6.2

Description A vulnerability has been identified in Mendix Applications where applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to it.

Recommendations For Mendix 8 versions prior to 8.18.13, update to version 8.18.13 or later to resolve the issue. For Mendix 9 versions prior to 9.6.2, update to version 9.6.2 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-42025

Affected Products

Mendix

Mendix Studio Pro

PT-2021-23476 · Mendix · Mendix Studio Pro+1

CVE-2021-42025

Weakness Enumeration

Related Identifiers

Affected Products

References · 4