PT-2022-22173 · Mendix · Mendix Excel Importer Module

Published

2022-07-12

Updated

2022-07-20

CVE-2022-34467

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Mendix Excel Importer Module (Mendix 8 compatible) versions prior to 9.2.2 Mendix Excel Importer Module (Mendix 9 compatible) versions prior to 10.1.2

Description A vulnerability has been identified that affects the availability of the Mendix Excel Importer Module. The issue is related to XML Entity Expansion Injection, which an attacker may exploit to compromise the component.

Recommendations For Mendix Excel Importer Module (Mendix 8 compatible) versions prior to 9.2.2, update to version 9.2.2 or later. For Mendix Excel Importer Module (Mendix 9 compatible) versions prior to 10.1.2, update to version 10.1.2 or later.

Fix

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-776

Related Identifiers

CVE-2022-34467

Affected Products

Mendix Excel Importer Module

PT-2022-22173 · Mendix · Mendix Excel Importer Module

CVE-2022-34467

Weakness Enumeration

Related Identifiers

Affected Products

References · 3