Lucene search

PRIOn knowledge basePRION:CVE-2023-45794

HistoryNov 14, 2023 - 11:15 a.m.

Authorization

2023-11-1411:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

mendix platform

access control

attackers

authorization escalation

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.4%

JSON

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app’s model and access control design.

This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app.

CPENameOperatorVersion
mendixge10.0.0
mendixlt10.4.0
mendixge9.0.0
mendixlt9.24.10
mendixge8.0.0
mendixlt8.18.27
mendixge7.0.0
mendixlt7.23.37

Name	Operator	Version
mendix	ge	10.0.0
mendix	lt	10.4.0
mendix	ge	9.0.0
mendix	lt	9.24.10
mendix	ge	8.0.0
mendix	lt	8.18.27
mendix	ge	7.0.0
mendix	lt	7.23.37

References

cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf