Medium severity5.5NVD Advisory· Published Nov 9, 2021· Updated Jun 17, 2026
CVE-2021-42015
CVE-2021-42015
Description
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.
Affected products
5- Range: < V7.23.26, < V8.18.12, < V9.6.1
- Range: < V7.23.26, < V8.18.12, < V9.6.1
- Siemens/Mendix Applications using Mendix 7v5Range: All versions < V7.23.26
- Siemens/Mendix Applications using Mendix 8v5Range: All versions < V8.18.12
- Siemens/Mendix Applications using Mendix 9v5Range: All versions < V9.6.1
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/pdf/ssa-338732.pdfnvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.