Siemens Mendix Applications Using Mendix 9 vulnerabilities
12 known vulnerabilities affecting siemens/mendix_applications_using_mendix_9.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 6
Vulnerabilities
CVE-2024-33500 | HIGH | CVSS 7.4 | ≥ V9.3.0, < V9.24.22 | 2024-06-11
CVE-2024-33500 [HIGH] CWE-269 CVE-2024-33500: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0)
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires guessing the id of a target role which contains the elevated access rights.
cvelistv5, nvd
CVE-2023-45794 | HIGH | CVSS 8.1 | All versions < V9.24.10 | 2023-11-14
CVE-2023-45794 [MEDIUM] CWE-294 CVE-2023-45794: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0),
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to ap
cvelistv5, nvd
CVE-2023-23835 | HIGH | CVSS 7.5 | All versions < V9.22.0 | 2023-02-14
CVE-2023-23835 [MEDIUM] CWE-284 CVE-2023-23835: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions
cvelistv5, nvd
CVE-2022-31257 | HIGH | CVSS 7.5 | All versions < V9.14.0 | 2022-07-12
CVE-2022-31257 [HIGH] CWE-284 CVE-2022-31257: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9
cvelistv5, nvd
CVE-2022-34466 | MEDIUM | CVSS 6.5 | All versions >= V9.11 < V9.15 | 2022-07-12
CVE-2022-34466 [MEDIUM] CWE-74 CVE-2022-34466: A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a mali
cvelistv5, nvd
CVE-2022-27241 | HIGH | CVSS 7.5 | All versions < V9.11 | 2022-04-12
CVE-2022-27241 [HIGH] CWE-200 CVE-2022-27241: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the
cvelistv5, nvd
CVE-2022-25650 | MEDIUM | CVSS 6.5 | All versions < V9.12.0 | 2022-04-12
CVE-2022-25650 [MEDIUM] CWE-284 CVE-2022-25650: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the resul
cvelistv5, nvd
CVE-2021-42026 | MEDIUM | CVSS 4.3 | All versions < V9.6.2 | 2021-11-09
CVE-2021-42026 [MEDIUM] CWE-863 CVE-2021-42026: A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13),
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the change
cvelistv5, nvd
CVE-2021-42015 | MEDIUM | CVSS 5.5 | All versions < V9.6.1 | 2021-11-09
CVE-2021-42015 [MEDIUM] CWE-525 CVE-2021-42015: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are op
cvelistv5, nvd
CVE-2021-42025 | MEDIUM | CVSS 6.5 | All versions < V9.6.2 | 2021-11-09
CVE-2021-42025 [MEDIUM] CWE-863 CVE-2021-42025: A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13),
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the con
cvelistv5, nvd
CVE-2021-33718 | MEDIUM | CVSS 5.3 | All versions < V9.3.0 | 2021-07-13
CVE-2021-33718 [MEDIUM] CWE-863 CVE-2021-33718: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed if a user has write permissions to the first attribute of this
cvelistv5, nvd
CVE-2021-27394 | HIGH | CVSS 8.8 | All versions < V9.0.5 | 2021-04-16
CVE-2021-27394 [HIGH] CWE-269 CVE-2021-27394: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19),
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0
cvelistv5, nvd