Vulnerabilities > Mendix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-42026 | Incorrect Authorization vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). | 4.0 |
| 2021-06-08 | CVE-2021-33712 | Insufficient Verification of Data Authenticity vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). | 6.5 |
| 2021-05-12 | CVE-2021-31339 | Information Exposure Through an Error Message vulnerability in Mendix Excel Importer A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). | 4.0 |
| 2021-05-12 | CVE-2021-31341 | Information Exposure Through an Error Message vulnerability in Mendix Database Replication Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). | 4.0 |
| 2021-03-15 | CVE-2021-25672 | Unspecified vulnerability in Mendix Forgot Password 3.1.0/3.2.0 A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). | 6.5 |
| 2021-01-06 | CVE-2020-8160 | Cross-site Scripting vulnerability in Mendix Mendixsso 2.0.0/2.1.0/2.1.1 MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. | 4.3 |
| 2019-09-10 | CVE-2019-12996 | Server-Side Request Forgery (SSRF) vulnerability in Mendix In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. | 5.0 |