CVE-2021-27394

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 43.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mendix Mendix Siemens Mendix Applications Using Mendix 7 Siemens Mendix Applications Using Mendix 8 +3 more

Timeline

PublishedApr 16

Latest updateMay 24

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5siemens/mendix_applications_using_mendix_7All versions < V7.23.19

▶CVEListV5siemens/mendix_applications_using_mendix_8All versions < V8.17.0

▶CVEListV5siemens/mendix_applications_using_mendix_9All versions < V9.0.5

▶CVEListV5siemens/mendix_applications_using_mendix_8_(v8.6)All versions < V8.6.9

▶CVEListV5siemens/mendix_applications_using_mendix_8_(v8.12)All versions < V8.12.5

🔴Vulnerability Details

GHSA

GHSA-x3jr-ggr7-pvhq: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7↗2022-05-24

▶

CVEList

CVE-2021-27394: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7↗2021-04-16

▶