484 matches found

Vulnrichment
added 2023/02/14 10:36 a.m. | 6 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications...

CVSS 5.9 | AI score 7.3 | EPSS 0.00498
Exploits: 0 | References: 1
CVE
added 2023/02/14 10:36 a.m. | 55 views

CVE-2023-23835

Siemens Mendix Runtime suffers an improper access control vulnerability (CVE-2023-23835) that can allow bypassing XPath constraints to retrieve information via error-triggering XPath queries. Affected products include Mendix Application runtimes prior to: 7.23.34, 8.18.23, 9.22.0, 9.12.x before 9...

CVSS 7.5 | AI score 7.3 | EPSS 0.00498
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/02/14 10:36 a.m. | 26 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications...

CVSS 5.9 | AI score 7.5 | EPSS 0.00498
Exploits: 0 | References: 1
CNVD
added 2023/02/14 12:0 a.m. | 18 views

Siemens Mendix Runtime Access Control Improper Vulnerability

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

CVSS 7.5 | AI score 2.8 | EPSS 0.00498
Exploits: 0 | References: 1
Positive Technologies
added 2023/02/14 12:0 a.m. | 5 views

PT-2023-6756 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix versions prior to 7.23.34; Mendix versions prior to 8.18.23; Mendix versions prior to 9.22.0; Mendix 9.12 versions prior to 9.12.10; Mendix 9.18 versions prior to 9.18.4; Mendix 9.6 versions prior to 9.6.15. Description: The issue is related...

CVSS 7.5 | AI score 7.3 | EPSS 0.00498
Exploits: 0 | References: 4
CNNVD
added 2023/02/14 12:0 a.m. | 5 views

Siemens Mendix Access Control Error Vulnerability

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

CVSS 7.5 | AI score 6.5 | EPSS 0.00498
Exploits: 0 | References: 3
ICS
added 2023/02/14 12:0 a.m. | 29 views

Siemens Mendix

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 6.9 | EPSS 0.00498
Exploits: 0 | References: 11
NCSC
added 2023/02/14 12:0 a.m. | 85 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Scalance, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge, among others. The vulnerabilities could allow a malicious actor to launch attacks that result in the following categories of damage:...

CVSS 10 | AI score 7.3 | EPSS 0.83583
Exploits: 7
BDU FSTEC
added 2023/01/23 12:0 a.m. | 4 views

A vulnerability in the SAML implementation of the application single sign-on module of the Mendix software development and application testing platform allows an attacker to gain access to protected information.

The vulnerability of the SAML implementation for application single-sign-on in the Mendix software development and application testing platform relates to insufficient protection of the web page structure. Exploiting this vulnerability could allow a malicious actor to gain access to protected...

CVSS 9.4 | AI score 6.7 | EPSS 0.0047
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2023/01/16 10:47 a.m. | 63 views

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...

CVSS 10 | AI score 1.3 | EPSS 0.01236
Exploits: 0
CNVD
added 2023/01/13 12:0 a.m. | 19 views

Siemens Mendix SAML Module Cross-Site Scripting Vulnerability (CNVD-2023-02702)

The Mendix SAML module uses SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. A cross-site scripting vulnerability exists in Siemens Mendix SAML Module, which can be exploited by attackers to extract...

CVSS 9.3 | AI score 2.5 | EPSS 0.0047
Exploits: 0 | References: 1
CISA
added 2023/01/12 12:0 a.m. | 17 views

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

AI score 0.8
Exploits: 0 | References: 12
OSV
added 2023/01/10 12:15 p.m. | 4 views

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 6.1 | AI score 5.6 | EPSS 0.0047
Exploits: 0 | References: 1
NVD
added 2023/01/10 12:15 p.m. | 24 views

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 9.3 | AI score 8.4 | EPSS 0.0047
Exploits: 0 | References: 1
Prion
added 2023/01/10 12:15 p.m. | 19 views

Cross site scripting

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 5.8 | AI score 5.8 | EPSS 0.0047
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/01/10 11:39 a.m. | 33 views

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 9.3 | AI score 8.3 | EPSS 0.0047
Exploits: 0 | References: 1
Vulnrichment
added 2023/01/10 11:39 a.m. | 6 views

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVSS 9.3 | AI score 5.5 | EPSS 0.0047
Exploits: 0 | References: 1
CVE
added 2023/01/10 11:39 a.m. | 78 views

CVE-2022-46823

CVE-2022-46823 affects Siemens Mendix SAML (Mendix 8 compatible: 2.3.0–2.3.3; Mendix 9 compatible, New Track: 3.3.0–3.3.8; Mendix 9 compatible, Upgrade Track: 3.3.0–3.3.7). The vulnerability is reflected cross-site scripting (XSS), enabling an attacker to extract sensitive information by guiding ...

CVSS 9.3 | AI score 5.8 | EPSS 0.0047
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/01/10 12:0 a.m. | 4 views

Siemens Mendix Cross-Site Scripting Vulnerability

The Mendix SAML module uses SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. A cross-site scripting vulnerability exists in Siemens Mendix SAML Module, which can be exploited by attackers to extract...

CVSS 9.3 | AI score 6 | EPSS 0.0047
Exploits: 0 | References: 2
Positive Technologies
added 2023/01/10 12:0 a.m. | 3 views

PT-2023-1146 · Mendix · Mendix Saml

Name of the Vulnerable Software and Affected Versions: Mendix SAML (Mendix 8 compatible) versions 2.3.0 through 2.3.3; Mendix SAML (Mendix 9 compatible, New Track) versions 3.3.0 through 3.3.8; Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.3.0 through 3.3.7. Description: The affected module ...

CVSS 9.4 | AI score 6.4 | EPSS 0.0047
Exploits: 0 | References: 5