CVE-2021-42025

EPSS 0.15%
Veröffentlicht 09.11.2021 12:15:10
Zuletzt bearbeitet 21.11.2024 06:27:06
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mendix ≫ Mendix Version >= 8.0.0 < 8.18.13

Mendix ≫ Mendix Version >= 9.0.0 < 9.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.317

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:C/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-42025

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42025

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42025

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-42025