Vulnerabilities > Mendix

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-42015 Information Exposure Through Browser Caching vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1).
local
low complexity
mendix CWE-525
5.5
2021-11-09 CVE-2021-42025 Incorrect Authorization vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2).
network
low complexity
mendix CWE-863
6.5
2021-11-09 CVE-2021-42026 Incorrect Authorization vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2).
network
low complexity
mendix CWE-863
4.3
2021-06-08 CVE-2021-33712 Insufficient Verification of Data Authenticity vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2).
network
low complexity
mendix CWE-345
8.8
2021-05-12 CVE-2021-31339 Information Exposure Through an Error Message vulnerability in Mendix Excel Importer
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3).
network
low complexity
mendix CWE-209
4.3
2021-05-12 CVE-2021-31341 Information Exposure Through an Error Message vulnerability in Mendix Database Replication
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).
network
low complexity
mendix CWE-209
4.3
2021-04-16 CVE-2021-27394 Improper Privilege Management vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5).
network
low complexity
mendix CWE-269
8.8
2021-03-15 CVE-2021-25672 Unspecified vulnerability in Mendix Forgot Password
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1).
network
low complexity
mendix
8.8
2021-01-06 CVE-2020-8160 Cross-site Scripting vulnerability in Mendix Mendixsso 2.0.0/2.1.0/2.1.1
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path.
network
low complexity
mendix CWE-79
6.1
2019-09-10 CVE-2019-12996 Server-Side Request Forgery (SSRF) vulnerability in Mendix
In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe.
network
low complexity
mendix CWE-918
5.3