PT-2024-4582 · Mendix · Mendix

Published: 2024-06-11 · Updated: 2024-06-11 · CVE-2024-33500

CVSS v2.0: 6.2 (Medium)

Vector: AV:N/AC:H/Au:M/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Mendix versions prior to 10.11.0; Mendix versions 10.6 prior to 10.6.9; Mendix versions 9.3.0 through 9.24.21.

Description: The issue is related to insufficient access control in the Mendix platform, which can be exploited by a remote attacker to elevate privileges. Affected applications may allow users with role management capabilities to increase access rights for users with that role. Exploitation requires guessing the ID of a target role containing elevated access rights.

Recommendations: For Mendix versions prior to 10.11.0, update to version 10.11.0 or later. For Mendix versions 10.6 prior to 10.6.9, update to version 10.6.9 or later. For Mendix versions 9.3.0 through 9.24.21, update to version 9.24.22 or later.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2024-05088
CVE-2024-33500

Affected Products

Mendix