Siemens Mendix Applications

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens Mendix Applications

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Applications Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious user to leak sensitive information if the...

CVE-2022-32286

A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. In certain configurations SAML module is vulnerable to Cross Site Scripting X...

CVE-2022-32286

The CVE-2022-32286 entry concerns the Mendix SAML Module (Mendix 7 compatible: all versions < 1.16.6; Mendix 8 compatible: all versions < 2.2.2; Mendix 9 compatible: all versions

CVE-2022-24309

Summary: CVE-2022-24309 affects Mendix Runtime (V7 < 7.23.29, V8 < 8.18.16, V9

CVE-2021-27394

CVE-2021-27394 affects Mendix Application platforms (Mendix 7 versions before 7.23.19; Mendix 8 before 8.17.0; Mendix 8.12 before 8.12.5; Mendix 8.6 before 8.6.9; Mendix 9 before 9.0.5). Authenticated, non-administrative users can elevate privileges by manipulating user roles to gain administrati...