CVE-2024-33500

June 11, 2024, 1:54 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Mendix

  • 10: < V10.11.0
  • 10.6: < V10.6.9
  • 9: >= V9.3.0 < V9.24.22

Source

productcert@siemens.com

CVE-2024-33500 details

Published : June 11, 2024, 12:15 p.m.
Last Modified : June 11, 2024, 1:54 p.m.

Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires guessing the id of a target role which contains the elevated access rights.

CVSS Data

Attack Vector : NETWORK
Attack Complexity : HIGH
Privileges Required : HIGH
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : NONE
Base Score : 5.9
Base Severity : MEDIUM

Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

References

https://cert-portal.siemens.com/productcert/html/ssa-540640.html (Source : productcert@siemens.com)