Lucene search

SiemensCVELIST:CVE-2022-34466

HistoryJul 12, 2022 - 10:07 a.m.

CVE-2022-34466

2022-07-1210:07:22

CWE-74

siemens

www.cve.org

mendix

applications

workflow

subsystem

vulnerability

expression injection

sensitive information

configuration

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration.

CNA Affected

[
  {
    "product": "Mendix Applications using Mendix 9",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V9.11 < V9.15"
      }
    ]
  },
  {
    "product": "Mendix Applications using Mendix 9 (V9.12)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.12.3"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-492173.pdf