Siemens Mendix Applications Using Mendix 10 vulnerabilities

CVE-2024-33500 [HIGH] CWE-269 CVE-2024-33500: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0) A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions = V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights.

CVE-2023-45794 [MEDIUM] CWE-294 CVE-2023-45794: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to ap