CVE-2021-27394
Severity: HIGH
Mendix 7 < 7.23.19, 8 < 8.17.0, 8.12 < 8.12.5, 8.6 < 8.6.9, 9 < 9.0.5 - Privilege Escalation via User Role Manipulation
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.
References (1)
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-875726.pdf
Scores
CVSS v3: 8.8 (HIGH)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0080 (percentile 52.1%)
Details
CWE: CWE-269 (Improper Privilege Management)
Status: published
Products (1)
mendix/mendix: 7.0.2 - 7.23.19
Published: Apr 16, 2021
Tracked Since: Feb 18, 2026