CVE-2021-33712

The CVE-2021-33712 vulnerability affects the Mendix SAML Module (all versions before 2.1.2). Root cause: the SAML module’s configuration does not properly enforce restrictions/validations from the identity provider, enabling a remote authenticated attacker to escalate privileges. Affected product...

CVE-2021-33712

A vulnerability has been identified in Mendix SAML Module All versions V2.1.2. The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges...

Mendix SAML 数据伪造问题漏洞

The Mendix SAML Module allows authenticating users in cloud applications using SAML. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An elevation of privilege vulnerability exists in the Siemens Mendix SAML Module. An authenticated, remote attacker coul...

Siemens Mendix SAML Module

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate...

CVE-2021-31341

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module All versions prior to v7.0.1...

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

Design/Logic Flaw

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

Design/Logic Flaw

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module All versions prior to v7.0.1...

CVE-2021-31339

CVE-2021-31339 affects the Mendix Excel Importer Module: all versions before 9.0.3 are vulnerable. Uploading a manipulated XML file can raise an exception that may disclose information about the application server and the XML framework. The issue is documented with CVSS v3 base score 4.3 (remote,...

CVE-2021-31341

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module All versions prior to v7.0.1...

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

CVE-2021-31341

CVE-2021-31341 affects Siemens Mendix Database Replication Module (all versions prior to 7.0.1). The vulnerability arises when uploading a table-mapping via a manipulated XML file, causing an exception that could disclose information about the application server and the XML framework in use. Impa...

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from a program upload operation of an XML file that results in ...

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from the system's use of XML file upload table mappings that...

Siemens Mendix Excel Importer Module

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mendix, a subsidiary of Siemens Equipment: Mendix Excel Importer Module Vulnerability: Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

Siemens Mendix Database Replication Module

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Database Replication Module Vulnerability: Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could...

The vulnerability of the low-level platform Mendix, related to privilege management errors, allows a malicious actor to elevate their privileges and gain unauthorized access to protected information.

The vulnerability of the low-level platform Mendix is related to privilege management errors. Exploiting this vulnerability can allow an attacker operating remotely to enhance their privileges and gain unauthorized access to protected information...

CVE-2021-27394

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...

CVE-2021-27394

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...