Security Advisories

1 Introduction

Mendix publishes security advisories by leveraging Siemens ProductCERT, which is a dedicated team of seasoned security experts that manages the receipt, investigation, internal coordination, and public reporting of security issues related to Siemens products, solutions, and services.

Mendix adds the CVSS score and CVSS vector for security vulnerabilities described in the Studio Pro release notes. Mendix also adds the CVE IDs when they become available.

2 Security Advisory Details

| CVE ID | CVSS v3.1 Base Score | Siemens Security Advisory (SSA) Description | Notes |
| --- | --- | --- | --- |
| CVE-2021-42026 | 3.1 | Two Incorrect Authorization Vulnerabilities in Mendix | See the SSA description for remediation details |
| CVE-2021-42025 | 5.3 | Two Incorrect Authorization Vulnerabilities in Mendix | See the SSA description for remediation details |
| CVE-2021-42015 | 4.0 | Information Disclosure Vulnerability in Mendix | See the SSA description for remediation details |
| CVE-2021-33718 | 5.3 | Access Check Bypass Vulnerability in Mendix | See the SSA description for remediation details |
| CVE-2021-33712 | 8.1 | Privilege Escalation Vulnerability in Mendix SAML Module | See the SSA description for remediation details |
| CVE-2021-31339 | 4.3 | Information Disclosure Vulnerability in Mendix Excel Importer Module | See the SSA description for remediation details |
| CVE-2021-31341 | 4.3 | Information Disclosure Vulnerability in Mendix Database Replication Module | See the SSA description for remediation details |
| CVE-2021-27394 | 8.1 | Privilege Escalation Vulnerability in Mendix | See the SSA description for remediation details |
| CVE-2021-25672 | 6.8 | Mendix Forgot Password App Store Module | See the SSA description for remediation details |

3 More Information