Vulnerabilities > CVE-2022-34467 - XML Entity Expansion vulnerability in Mendix Excel Importer

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mendix

CWE-776

NVD

Published: 2022-07-12

Updated: 2022-07-20

Summary

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.

Vulnerable Configurations

Part	Description	Count
Application	Mendix Mendix Excel Importer * Mendix Excel Importer - Mendix Excel Importer 5.9.0 Mendix Excel Importer 5.10.0 Mendix Excel Importer 5.11.0 Mendix Excel Importer 5.12.0 Mendix Excel Importer 5.13.0 Mendix Excel Importer 5.14.0 Mendix Excel Importer 5.15.0 Mendix Excel Importer 5.16.0 Mendix Excel Importer 5.17.0 Mendix Excel Importer 5.18.0 Mendix Excel Importer 5.19.0 Mendix Excel Importer 5.20.0 Mendix Excel Importer 7.0.0 Mendix Excel Importer 8.0.0 Mendix Excel Importer 8.1.0 Mendix Excel Importer 8.1.1 Mendix Excel Importer 8.1.2 Mendix Excel Importer 8.2.0 Mendix Excel Importer 8.2.1 Mendix Excel Importer 8.2.2 Mendix Excel Importer 9.0.0 Mendix Excel Importer 9.0.1 Mendix Excel Importer 9.0.2 Mendix Excel Importer 9.0.3	26

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

References

https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf