CVE-2022-27241Sensitive Information Exposure in Mendix

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MendixSiemens Mendix Applications Using Mendix 7Siemens Mendix Applications Using Mendix 8+1 more
Timeline
PublishedApr 12
Latest updateApr 13

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5siemens/mendix_applications_using_mendix_7All versions < V7.23.31
CVEListV5siemens/mendix_applications_using_mendix_8All versions < V8.18.18
CVEListV5siemens/mendix_applications_using_mendix_9All versions < V9.11, All versions < V9.6.12+1
NVDmendix/mendix7.0.09.11.0

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-97hm-cg72-fxrh: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Ap2022-04-13
CVEList
CVE-2022-27241: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V72022-04-12
CVE-2022-27241 — Sensitive Information Exposure | cvebase