Siemens Mendix Runtime Access Control Improper Vulnerability

2023-02-1400:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens

mendix

runtime

access control

vulnerability

xpath

query

error

0.001 Low

EPSS

Percentile

48.7%

JSON

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale.An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve information using an XPath query that triggers an error.

CPENameOperatorVersion
siemens mendix applications using mendix 7 < veq7.23.34
siemens mendix applications using mendix 8 < veq8.18.23
siemens mendix applications using mendix 9 < veq9.22.0
siemens mendix applications using mendix 9 (v9.6) < veq9.6.15
siemens mendix applications using mendix 9 (v9.12) < veq9.12.10
siemens mendix applications using mendix 9 (v9.18) < veq9.18.4

Name	Operator	Version
siemens mendix applications using mendix 7 < v	eq	7.23.34
siemens mendix applications using mendix 8 < v	eq	8.18.23
siemens mendix applications using mendix 9 < v	eq	9.22.0
siemens mendix applications using mendix 9 (v9.6) < v	eq	9.6.15
siemens mendix applications using mendix 9 (v9.12) < v	eq	9.12.10
siemens mendix applications using mendix 9 (v9.18) < v	eq	9.18.4

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for CNVD-2023-09129