cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-33500,https://securityvulnerability.io/vulnerability/CVE-2024-33500,Mendix Applications Vulnerability: Elevated Access Rights for Role Managers,"A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights.",Siemens,"Mendix Applications Using Mendix 10,Mendix Applications Using Mendix 10 (v10.6),Mendix Applications Using Mendix 9",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-11T11:15:43.422Z,0
CVE-2023-45794,https://securityvulnerability.io/vulnerability/CVE-2023-45794,Capture-Replay Vulnerability in Mendix Applications by Mendix,"A capture-replay flaw exists in Mendix Applications which impacts various versions across multiple Mendix platforms. This vulnerability could be exploited by authenticated attackers to gain unauthorized access or modify objects within the application. The risk is contingent upon specific preconditions based on the application's model and access control design, potentially enabling privilege escalation in the context of vulnerable apps. Organizations using Mendix should assess the security of their applications and implement necessary controls to mitigate this risk.",Siemens,"Mendix Applications using Mendix 10,Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9",8.1,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2023-11-14T11:15:00.000Z,0
CVE-2023-23835,https://securityvulnerability.io/vulnerability/CVE-2023-23835,XPath Bypass Vulnerability in Mendix Applications,"A security issue has been discovered in Mendix Applications that enables unauthorized access to sensitive data through the exploitation of their runtime APIs. Attackers can bypass established XPath constraints, allowing them to execute error-triggering XPath queries. This issue affects multiple versions of Mendix 7, 8, and 9, potentially leading to unauthorized information retrieval and posing significant security risks for applications built on this platform.",Siemens,"Mendix Applications using Mendix 7,Mendix Applications using Mendix 8,Mendix Applications using Mendix 9,Mendix Applications using Mendix 9 (V9.12),Mendix Applications using Mendix 9 (V9.18),Mendix Applications using Mendix 9 (V9.6)",7.5,HIGH,0.001230000052601099,false,,false,false,false,,false,false,2023-02-14T11:15:00.000Z,0
CVE-2022-34466,https://securityvulnerability.io/vulnerability/CVE-2022-34466,Expression Injection Vulnerability in Mendix Runtime Applications,"An expression injection vulnerability has been found in the Workflow subsystem of Mendix Runtime, which affects various versions of Mendix 9 applications. This vulnerability may allow malicious users to exploit specific configurations, potentially leading to sensitive information leakage. Application developers must ensure that they apply the latest updates to protect their systems from such threats.",Siemens,"Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12)",6.5,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2022-07-12T10:07:22.000Z,0
CVE-2022-31257,https://securityvulnerability.io/vulnerability/CVE-2022-31257,Password Bypass Vulnerability in Mendix Applications by Mendix,"A vulnerability exists in Mendix applications that could allow an attacker with access to an active user session to bypass password validation. This flaw affects multiple versions of Mendix 7, 8, and 9, enabling the attacker to potentially set weak passwords, compromising user security. Organizations using the affected versions should take immediate measures to update their applications to mitigate this risk.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.12),Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2022-07-12T10:06:43.000Z,0
CVE-2022-27241,https://securityvulnerability.io/vulnerability/CVE-2022-27241,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",7.5,HIGH,0.003470000112429261,false,,false,false,false,,false,false,2022-04-12T09:08:00.000Z,0
CVE-2022-25650,https://securityvulnerability.io/vulnerability/CVE-2022-25650,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9,Mendix Applications Using Mendix 9 (v9.6)",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2022-04-12T09:07:42.000Z,0
CVE-2021-42026,https://securityvulnerability.io/vulnerability/CVE-2021-42026,,"A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.",Siemens,"Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-11-09T11:32:17.000Z,0
CVE-2021-42025,https://securityvulnerability.io/vulnerability/CVE-2021-42025,,"A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it.",Siemens,"Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-11-09T11:32:16.000Z,0
CVE-2021-42015,https://securityvulnerability.io/vulnerability/CVE-2021-42015,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2021-11-09T11:32:14.000Z,0
CVE-2021-33718,https://securityvulnerability.io/vulnerability/CVE-2021-33718,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 9",5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-13T11:03:06.000Z,0
CVE-2021-27394,https://securityvulnerability.io/vulnerability/CVE-2021-27394,,"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.",Siemens,"Mendix Applications Using Mendix 7,Mendix Applications Using Mendix 8,Mendix Applications Using Mendix 8 (v8.12),Mendix Applications Using Mendix 8 (v8.6),Mendix Applications Using Mendix 9",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2021-04-16T20:00:14.000Z,0