PT-2023-3305 · Mendix · Mendix Saml

Name of the Vulnerable Software and Affected Versions: Mendix SAML Mendix 7 compatible versions 1.16.4 through 1.18.0 Mendix SAML Mendix 8 compatible versions 2.2.0 through 2.4.0 Mendix SAML Mendix 9 latest compatible, New Track versions 3.1.9 through 3.6.1 Mendix SAML Mendix 9 latest compatible,...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in SCALANCE, among others, RuggedCom, SIMATIC, SIPROTEC and Mendix. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that lead to the following categories of damage: Denial-of-Service DoS. Accessing sensitive data Bypassing...

PT-2023-1689 · Mendix · Mendix Saml

Name of the Vulnerable Software and Affected Versions: Mendix SAML Mendix 7 compatible versions 1.16.4 through 1.17.3 Mendix SAML Mendix 8 compatible versions 2.2.0 through 2.3.0 Mendix SAML Mendix 9 latest compatible, New Track versions 3.1.9 through 3.3.1 Mendix SAML Mendix 9 latest compatible,...

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen 15 Industrial Control Systems ICS advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

Information disclosure

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

CVE-2023-23835

Siemens Mendix Runtime suffers an improper access control vulnerability (CVE-2023-23835) that can allow bypassing XPath constraints to retrieve information via error-triggering XPath queries. Affected products include Mendix Application runtimes prior to: 7.23.34, 8.18.23, 9.22.0, 9.12.x before 9...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Scalance, among others, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge. The vulnerabilities would allow a malicious potentially able to launch attacks that result in the following categories of damage:...

Siemens Mendix

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens Mendix Runtime Access Control Improper Vulnerability

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale.An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

PT-2023-6756 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix versions prior to 7.23.34 Mendix versions prior to 8.18.23 Mendix versions prior to 9.22.0 Mendix 9.12 versions prior to 9.12.10 Mendix 9.18 versions prior to 9.18.4 Mendix 9.6 versions prior to 9.6.15 Description: The issue is related...

Siemens Mendix 访问控制错误漏洞

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale.An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...

Siemens Mendix SAML Module Cross-Site Scripting Vulnerability (CNVD-2023-02702)

The Mendix SAML module uses SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. A cross-site scripting vulnerability exists in Siemens Mendix SAML Module, which can be exploited by attackers to extract...

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...

CVE-2022-46823

A vulnerability has been identified in Mendix SAML Mendix 8 compatible All versions = V2.3.0 = V3.3.0 = V3.3.0 V3.3.8. The affected module is vulnerable to reflected cross-site scripting XSS attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a...