Vulnerabilities > Mendix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-12 | CVE-2022-34466 | Expression Language Injection vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). | 6.5 |
| 2022-07-12 | CVE-2022-34467 | XML Entity Expansion vulnerability in Mendix Excel Importer A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). | 6.5 |
| 2022-06-14 | CVE-2022-32285 | XXE vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | 7.5 |
| 2022-06-14 | CVE-2022-32286 | Cross-site Scripting vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | 6.1 |
| 2022-04-12 | CVE-2022-25650 | Unspecified vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). | 6.5 |
| 2022-04-12 | CVE-2022-27241 | Information Exposure vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). | 7.5 |
| 2022-03-08 | CVE-2022-24309 | Unspecified vulnerability in Mendix A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). | 8.1 |
| 2022-03-08 | CVE-2022-26313 | Unspecified vulnerability in Mendix Forgot Password 3.3.0/3.3.2/3.4.0 A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). | 9.8 |
| 2022-03-08 | CVE-2022-26314 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mendix Forgot Password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). | 9.8 |
| 2022-03-08 | CVE-2022-26317 | Use of Insufficiently Random Values vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). | 6.5 |