467 matches found
Siemens Mendix Database Replication Module
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Database Replication Module Vulnerability: Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could...
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...
Design/Logic Flaw
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...
CVE-2021-27394
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...
CVE-2021-27394
CVE-2021-27394 affects Mendix Application platforms (Mendix 7 versions before 7.23.19; Mendix 8 before 8.17.0; Mendix 8.12 before 8.12.5; Mendix 8.6 before 8.6.9; Mendix 9 before 9.0.5). Authenticated, non-administrative users can elevate privileges by manipulating user roles to gain administrati...
Vulnerability fixed in Mendix
The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...
Siemens Mendix 安全漏洞
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An elevation of privilege vulnerability exists in Siemens Mendix. An attacker could use the vulnerability to gain administrative privileges...
Siemens Mendix Elevation of Privilege Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An elevation of privilege vulnerability exists in Siemens Mendix. An attacker could use the vulnerability to gain administrative privileges...
Siemens Mendix
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a non-administrative user to gain administrative...
CVE-2021-25672
A vulnerability has been identified in Mendix Forgot Password Appstore module All Versions V3.2.1. The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
CVE-2021-25672
A vulnerability has been identified in Mendix Forgot Password Appstore module All Versions V3.2.1. The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
Design/Logic Flaw
A vulnerability has been identified in Mendix Forgot Password Appstore module All Versions V3.2.1. The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
CVE-2021-25672
The CVE-2021-25672 entry concerns the Mendix Forgot Password Appstore module, with an improper access control flaw affecting All Versions
CVE-2021-25672
A vulnerability has been identified in Mendix Forgot Password Appstore module All Versions V3.2.1. The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
西门子 Mendix 安全漏洞
Mendix Forgot Password Appstore module allows users to register applications or reset their own passwords without administrator involvement. An improper access control vulnerability exists in the Siemens Mendix Forgot Password Appstore module. An attacker could exploit the vulnerability to take...
Siemens Mendix Forgot Password Appstore module Improper Access Control Vulnerability
Mendix Forgot Password Appstore module allows users to register applications or reset their own passwords without administrator involvement. An improper access control vulnerability exists in the Siemens Mendix Forgot Password Appstore module. An attacker could exploit the vulnerability to take...
CVE-2020-8160
MendixSSO = 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload m...
Siemens Mendix Cross-Site Scripting Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration capabilities. A cross-site scripting vulnerability exists in Mendix SSO version 2.1.1 and prior versions, which stems from improper HTML...
Mendix: Reflected XSS in "*.mendix.com/openid/*"
The endpoint at https://sprintr.home-accp.mendix.com/openid/ suffers from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the...