CVE-2022-34466

CWE-74 | CWE-917 | 3 documents | 3 sources
Severity: 6.5 MEDIUM
EPSS: 0.7% (top 27.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12 | Latest update Jul 13

Description

A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | siemens/mendix_applications_using_mendix_9 | All versions >= V9.11 < V9.15
CVEListV5 | siemens/mendix_applications_using_mendix_9_(v9.12) | All versions < V9.12.3
NVD | mendix/mendix | 9.11.0 | 9.15.0

Patches

Vulnerability Details (2)

GHSA | 2022-07-13 | GHSA-3jpc-997v-x927: A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9
CVEList | 2022-07-12 | CVE-2022-34466: A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9