CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
AI Score
Confidence: High
EPSS
Percentile: 51.4%
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors.
[
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 7",
    "versions": [
      {
        "version": "All versions < V7.23.34",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 8",
    "versions": [
      {
        "version": "All versions < V8.18.23",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 9",
    "versions": [
      {
        "version": "All versions < V9.22.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 9 (V9.12)",
    "versions": [
      {
        "version": "All versions < V9.12.10",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 9 (V9.18)",
    "versions": [
      {
        "version": "All versions < V9.18.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Applications using Mendix 9 (V9.6)",
    "versions": [
      {
        "version": "All versions < V9.6.15",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]