13 matches found
CVE-2022-24309
Summary: CVE-2022-24309 affects Mendix Runtime (V7 < 7.23.29, V8 < 8.18.16, V9
CVE-2019-12996
CVE-2019-12996 affects Mendix 7.23.5 and earlier. The issue arises in XML import mappings, where DOCTYPE declarations in the XML input can be processed, which is described as potentially unsafe. The connected documents confirm the affected version range but do not provide concrete exploit details, affected...
CVE-2022-26317
The CVE-2022-26317 issue affects Mendix Applications running on Mendix 7, specifically all versions prior to 7.23.29. The root cause is that when returning the result of a completed Microflow execution call, the framework does not properly verify whether the request was initially made by the user...
CVE-2022-25650
CVE-2022-25650 affects Siemens Mendix-based deployments with project versions 7 (before 7.23.27), 8 (before 8.18.14), 9 (before 9.12.0), and 9.6 (before 9.6.3). The issue arises when querying the database and sorting on a protected field, enabling an authenticated attacker to extract inform...
CVE-2022-27241
Mendix CVE-2022-27241 affects Mendix applications built on versions: 7 (all < 7.23.31), 8 (all < 8.18.18), 9 (all < 9.11), and 9.6 (all
CVE-2021-27394
CVE-2021-27394 affects Mendix Application platforms (Mendix 7 versions before 7.23.19; Mendix 8 before 8.17.0; Mendix 8.12 before 8.12.5; Mendix 8.6 before 8.6.9; Mendix 9 before 9.0.5). Authenticated, non-administrative users can elevate privileges by manipulating user roles to gain administrati...
CVE-2021-42025
CVE-2021-42025 affects Siemens Mendix Studio Pro-based deployments. Affected: Mendix Applications using Mendix 8 (all versions before 8.18.13) and Mendix 9 (all versions before 9.6.2). Root cause: incorrect authorization that can allow authenticated attackers to manipulate the content of System.F...
CVE-2022-31257
The CVE-2022-31257 issue affects Mendix-based applications: Mendix 7 (before 7.23.31), Mendix 8 (before 8.18.18), and Mendix 9 (before 9.14.0, including 9.12 before 9.12.2 and 9.6 before 9.6.12). The root cause is improper access control that allows bypassing password validations when an activ...
CVE-2023-23835
Siemens Mendix Runtime suffers an improper access control vulnerability (CVE-2023-23835) that can allow bypassing XPath constraints to retrieve information via error-triggering XPath queries. Affected products include Mendix Application runtimes prior to: 7.23.34, 8.18.23, 9.22.0, 9.12.x before 9...
CVE-2024-50313
CVE-2024-50313 affects Siemens Mendix Runtime across multiple branches (V8, V9, V10, including V10.6/10.12/10.16 lines) where the basic authentication implementation has a race condition that could let unauthenticated remote actors bypass default account lockout. Affected versions include all V8 ...
CVE-2021-42026
CVE-2021-42026 is a read-access vulnerability in Mendix Studio Pro-based applications. Affected products are Mendix Applications using Mendix 8 (all versions before v8.18.13) and Mendix Applications using Mendix 9 (all versions before v9.6.2). The issue allows an authenticated attacker to retriev...
CVE-2021-42015
The CVE affects Mendix-based applications: Mendix 7 (all versions before 7.23.26), Mendix 8 (before 8.18.12), and Mendix 9 (before 9.6.1). Applications built with affected Mendix Studio Pro do not prevent file documents from being cached by a browser when opened or downloaded, enabling a local at...
CVE-2022-34466
CVE-2022-34466: A Mendix expression-injection vulnerability in the Workflow subsystem of Mendix Runtime affects Mendix 9 deployments. Affected are Mendix 9 versions 9.11–9.15 and 9.12 before 9.12.3. The issue could allow a malicious user to leak sensitive information in certain configurations. Re...