CVE-2021-42015
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.
Se ha identificado una vulnerabilidad en las aplicaciones Mendix que usan Mendix versión 7 (Todas las versiones anteriores a V7.23.26), las aplicaciones Mendix que usan Mendix versión 8 (Todas las versiones anteriores a V8.18.12), las aplicaciones Mendix que usan Mendix versión 9 (Todas las versiones anteriores a V9.6.1). Las aplicaciones construidas con las versiones afectadas de Mendix Studio Pro no evitan que los documentos de archivo se almacenen en la caché cuando los archivos son abiertos o descargados usando un navegador. Esto podría permitir a un atacante local leer esos documentos explorando la caché del navegador
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-06 CVE Reserved
- 2021-11-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-525: Use of Web Browser Cache Containing Sensitive Information
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-338732.pdf | 2021-11-12 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mendix Search vendor "Mendix" | Mendix Search vendor "Mendix" for product "Mendix" | < 7.23.26 Search vendor "Mendix" for product "Mendix" and version " < 7.23.26" | - |
Affected
| ||||||
Mendix Search vendor "Mendix" | Mendix Search vendor "Mendix" for product "Mendix" | >= 8.0.0 < 8.18.12 Search vendor "Mendix" for product "Mendix" and version " >= 8.0.0 < 8.18.12" | - |
Affected
| ||||||
Mendix Search vendor "Mendix" | Mendix Search vendor "Mendix" for product "Mendix" | >= 9.0.0 < 9.6.1 Search vendor "Mendix" for product "Mendix" and version " >= 9.0.0 < 9.6.1" | - |
Affected
|