Nov. 14, 2023, midnight

Siemens ProductCERT Security Advisories

Mendix Runtime contains a capture-replay flaw that could affect apps built with the platform if certain preconditions are met; these preconditions depend on the app’s model and access control design. The flaw could allow authenticated attackers to access or modify objects without proper authorization, or to escalate privileges in the context of the vulnerable app.

Siemens has released updates for the affected products and recommends updating to the latest versions.

