PT-2021-2781 · Mendix · Mendix

Published: 2021-04-15 · Updated: 2021-04-22 · CVE-2021-27394

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Mendix Applications using Mendix 7 versions prior to 7.23.19
Mendix Applications using Mendix 8 versions prior to 8.17.0
Mendix Applications using Mendix 8 (V8.12) versions prior to 8.12.5
Mendix Applications using Mendix 8 (V8.6) versions prior to 8.6.9
Mendix Applications using Mendix 9 versions prior to 9.0.5

Description

A vulnerability has been identified that allows authenticated, non-administrative users to modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. This issue is related to errors in privilege management. Exploitation of the vulnerability may allow a remote attacker to elevate their privileges and gain unauthorized access to protected information.

Recommendations

For Mendix 7, update to version 7.23.19 or later.
For Mendix 8, update to version 8.17.0 or later.
For Mendix 8 (V8.12), update to version 8.12.5 or later.
For Mendix 8 (V8.6), update to version 8.6.9 or later.
For Mendix 9, update to version 9.0.5 or later.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-02324
CVE-2021-27394

Affected Products

Mendix