CVE-2021-42015

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-525
View all →

Vulnerability Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.

Related Vulnerabilities

CVE-2023-27545

MEDIUM
CVSS:5.5(Medium)

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

CWE-5252023

CVE-2024-25142

MEDIUM
CVSS:5.5(Medium)

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could resul...

CWE-5252024

CVE-2024-45314

MEDIUM
CVSS:5.5(Medium)

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue o...

CWE-5252024

CVE-2024-31906

MEDIUM
CVSS:6.2(Medium)

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024

CVE-2023-43035

MEDIUM
CVSS:4.0(Medium)

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252023

CVE-2024-22349

MEDIUM
CVSS:4.0(Medium)

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024