CVE-2021-33718 — Incorrect Authorization in Siemens Mendix

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 71.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Mendix Siemens Mendix Applications Using Mendix 7 Siemens Mendix Applications Using Mendix 8 +1 more

Timeline

PublishedJul 13

Latest updateMay 24

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5siemens/mendix_applications_using_mendix_7All versions < V7.23.22

▶CVEListV5siemens/mendix_applications_using_mendix_8All versions < V8.18.7

▶CVEListV5siemens/mendix_applications_using_mendix_9All versions < V9.3.0

▶NVDsiemens/mendix7.0 — 7.23.22+2

🔴Vulnerability Details

GHSA

GHSA-rhfw-f382-2fcr: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7↗2022-05-24

▶

CVEList

CVE-2021-33718: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7↗2021-07-13

▶