PT-2022-16598 · Mendix · Mendix Runtime V8 +2

Name of the Vulnerable Software and Affected Versions: Mendix Runtime V7 versions prior to 7.23.29 Mendix Runtime V8 versions prior to 8.18.16 Mendix Runtime V9 version 9.13 and earlier, with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False Description: A vulnerability has been...

PT-2022-17785 · Mendix · Mendix Applications

Name of the Vulnerable Software and Affected Versions: Mendix Applications versions prior to 7.23.29 Description: A vulnerability has been identified in Mendix Applications. The affected framework does not correctly verify if the request was initially made by the user requesting the result when...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-069-13 Siemens Mendix that was published March 10, 2021, to...

Siemens SINEMA Mendix Forgot Password Appstore

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Forgot Password Appstore module Vulnerabilities: Improper Access Control, Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION These vulnerabilities...

Vulnerabilities fixed in Siemens Mendix

Siemens fixed vulnerabilities in Mendix. Successful misuse of these vulnerabilities could allow a malicious person to manipulate the manipulate the contents of specific objects. Siemens has released updates to fix the vulnerabilities. More information can be found on the pages below:...

Siemens MendixSiemens Mendix incorrect authorization vulnerability (CNVD-2021-89434)

Siemens Mendix is a low-code application development platform from Siemens, a German company that provides application development, testing, deployment, and iteration capabilities. A security vulnerability in Siemens Mendix allows an authenticated attacker to retrieve the changedDate property of...

Siemens Mendix incorrect authorization vulnerability

Siemens Mendix is a low-code application development platform from Siemens, a German company that provides application development, testing, deployment and iteration. The platform provides application development, testing, deployment and iteration. Siemens Mendix contains a security vulnerability...

Siemens Mendix Information Disclosure Vulnerability

A security vulnerability exists in Siemens Mendix, a low-code application development platform from Siemens, Germany. The vulnerability stems from the fact that applications built with the affected version of Mendix Studio Pro do not prevent the caching of file documents when opening or downloadi...

CVE-2021-42026

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow...

CVE-2021-42015

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.26, Mendix Applications using Mendix 8 All versions V8.18.12, Mendix Applications using Mendix 9 All versions V9.6.1. Applications built with affected versions of Mendix Studio Pro do not prevent file...

CVE-2021-42025

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...

CVE-2021-42015

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.26, Mendix Applications using Mendix 8 All versions V8.18.12, Mendix Applications using Mendix 9 All versions V9.6.1. Applications built with affected versions of Mendix Studio Pro do not prevent file...

CVE-2021-42026

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow...

CVE-2021-42025

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...

Input validation

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.26, Mendix Applications using Mendix 8 All versions V8.18.12, Mendix Applications using Mendix 9 All versions V9.6.1. Applications built with affected versions of Mendix Studio Pro do not prevent file...

Code injection

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...

Design/Logic Flaw

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow...

CVE-2021-42026

A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow...

CVE-2021-42026

CVE-2021-42026 is a read-access vulnerability in Mendix Studio Pro-based applications. Affected products are Mendix Applications using Mendix 8 (all versions before v8.18.13) and Mendix Applications using Mendix 9 (all versions before v9.6.2). The issue allows an authenticated attacker to retriev...

CVE-2021-42025

CVE-2021-42025 affects Siemens Mendix Studio Pro-based deployments. Affected: Mendix Applications using Mendix 8 (all versions before 8.18.13) and Mendix 9 (all versions before 9.6.2). Root cause: incorrect authorization that can allow authenticated attackers to manipulate the content of System.F...