CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45794
https://notcve.org/view.php?id=CVE-2023-45794
14 Nov 2023 — A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers t... • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23835
https://notcve.org/view.php?id=CVE-2023-23835
14 Feb 2023 — A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and ... • https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34466
https://notcve.org/view.php?id=CVE-2022-34466
12 Jul 2022 — A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. Se ha identificado una vulnerabilidad en las aplicaciones Mendix usando Mendix 9 (Todas las... • https://cert-portal.siemens.com/productcert/pdf/ssa-492173.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31257
https://notcve.org/view.php?id=CVE-2022-31257
12 Jul 2022 — A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypa... • https://cert-portal.siemens.com/productcert/pdf/ssa-433782.pdf • CWE-284: Improper Access Control •