CVE-2024-33500

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.4HIGH

EPSS

0.2%

top 59.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Mendix Applications Using Mendix 10 Siemens Mendix Applications Using Mendix 10 (v10.6)Siemens Mendix Applications Using Mendix 9

Timeline

PublishedJun 11

Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions = V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5siemens/mendix_applications_using_mendix_9V9.3.0 — V9.24.22

▶CVEListV5siemens/mendix_applications_using_mendix_10< V10.11.0

▶CVEListV5siemens/mendix_applications_using_mendix_10_(v10.6)< V10.6.9

🔴Vulnerability Details

GHSA

GHSA-497q-xhqw-fw3m: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions = V9↗2024-06-11

▶

CVEList

CVE-2024-33500: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions = V9↗2024-06-11

▶