CVE-2023-23835

Published: Feb 14, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors.

Affected (6)

Products: Mendix: Mendix

Mendix

1 product

Mendix

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Mendix Mendix	From 7.0.2 to 7.23.34
Mendix Mendix	From 8.0.0 to 8.18.23
Mendix Mendix	From 9.0.0 to 9.6.15
Mendix Mendix	From 9.18.0 to 9.18.4
Mendix Mendix	From 9.19.0 to 9.22.0
Mendix Mendix	From 9.7.0 to 9.12.10

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf

Source: productcert@siemens.com

Release NotesThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.