PT-2021-23477 · Mendix · Mendix Studio Pro+1

Published

2021-11-09

Updated

2021-11-12

CVE-2021-42026

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mendix Applications using Mendix 8 versions prior to 8.18.13 Mendix Applications using Mendix 9 versions prior to 9.6.2

Description A vulnerability has been identified in Mendix Applications where applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.

Recommendations For Mendix 8 versions prior to 8.18.13, update to version 8.18.13 or later to resolve the issue. For Mendix 9 versions prior to 9.6.2, update to version 9.6.2 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-42026

Affected Products

Mendix

Mendix Studio Pro

PT-2021-23477 · Mendix · Mendix Studio Pro+1

CVE-2021-42026

Weakness Enumeration

Related Identifiers

Affected Products

References · 4