cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50313,https://securityvulnerability.io/vulnerability/CVE-2024-50313,Race Condition Vulnerability Affects Mendix Runtime Versions,"A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.",Siemens,"Mendix Runtime V10,Mendix Runtime V10.12,Mendix Runtime V10.6,Mendix Runtime V8,Mendix Runtime V9",6.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-12T12:49:54.803Z,0
CVE-2023-49069,https://securityvulnerability.io/vulnerability/CVE-2023-49069,Vulnerability in Mendix Runtime Could Allow Unauthorized Access to User Data,"A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.",Siemens,"Mendix Runtime V10,Mendix Runtime V10.12,Mendix Runtime V10.6,Mendix Runtime V8,Mendix Runtime V9",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:25.399Z,0
CVE-2022-24309,https://securityvulnerability.io/vulnerability/CVE-2022-24309,,"A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data.",Siemens,"Mendix Runtime V7,Mendix Runtime V8,Mendix Runtime V9",8.1,HIGH,0.0006000000284984708,false,,false,false,false,,false,false,2022-03-08T11:31:29.000Z,0