Vulnerabilities > Mendix > Mendix > 6.9.1

DATE CVE VULNERABILITY TITLE RISK
2022-03-08 CVE-2022-24309 Unspecified vulnerability in Mendix
A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False).
network
low complexity
mendix
8.1
2022-03-08 CVE-2022-26317 Use of Insufficiently Random Values vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29).
network
low complexity
mendix CWE-330
6.5
2021-11-09 CVE-2021-42015 Unspecified vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1).
local
low complexity
mendix
5.5
2019-09-10 CVE-2019-12996 Server-Side Request Forgery (SSRF) vulnerability in Mendix
In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe.
network
low complexity
mendix CWE-918
5.3