CVE-2021-42015

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Applications using Mendix 7All versions < V7.23.26affected
SiemensMendix Applications using Mendix 8All versions < V8.18.12affected
SiemensMendix Applications using Mendix 9All versions < V9.6.1affected

Weaknesses

  • CWE-525: CWE-525: Use of Web Browser Cache Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References