SSA-779699 V1.0: Two Incorrect Authorization Vulnerabilities in Mendix

Risk Summary

<p>Applications built with affected versions of Mendix Studio Pro do not properly control read or write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects or to retrieve the changedDate attribute of arbitrary objects.</p> <p>Mendix has released updates for the affected product lines, recommends to update to the latest versions and to redeploy the applications.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)