PT-2022-3547 · Mendix · Mendix

Published

2022-04-12

·

Updated

2023-07-11

·

CVE-2022-25650

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mendix Applications using Mendix 7 versions prior to 7.23.27
Mendix Applications using Mendix 8 versions prior to 8.18.14
Mendix Applications using Mendix 9 versions prior to 9.12.0
Mendix Applications using Mendix 9 (V9.6) versions prior to 9.6.3
Description

A vulnerability has been identified in Mendix Applications. When querying the database, it is possible to sort the results by a protected field. This allows an authenticated attacker to extract information about the contents of that protected field. The issue is related to configuration errors in the database of the Mendix platform.
Recommendations

For Mendix 7 versions prior to 7.23.27, update to version 7.23.27 or later to resolve the issue.
For Mendix 8 versions prior to 8.18.14, update to version 8.18.14 or later to resolve the issue.
For Mendix 9 versions prior to 9.12.0, update to version 9.12.0 or later to resolve the issue.
For Mendix 9 (V9.6) versions prior to 9.6.3, update to version 9.6.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to protected fields in the database to minimize the risk of exploitation.
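The weakness described above is a general one: a query layer that enforces attribute-level read access on the projected columns but validates the ORDER BY key only against the schema. The added example below is not Mendix code; it uses a constructed SQLite table, constructed roles (employee, hr) and a hypothetical salary attribute to contrast that weak query builder with a hardened one that applies the same per-role read check to the sort key, which is the kind of control the workaround in the recommendations points at.

```python
import sqlite3

# Constructed example: a tiny HR table and per-role attribute read permissions.
# Schema, roles, sample rows and the query helpers are assumptions made for
# illustration; none of it is Mendix's own data model or runtime code.
ALL_COLUMNS = ("id", "name", "department", "salary")
READABLE_BY_ROLE = {
    "employee": {"id", "name", "department"},           # salary is protected
    "hr":       {"id", "name", "department", "salary"},
}
SAMPLE_ROWS = [
    (1, "alice", "eng", 90000),
    (2, "bob", "eng", 70000),
    (3, "carol", "ops", 110000),
]


class AccessDenied(Exception):
    """Raised when a caller asks to sort by an attribute it may not read."""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee (id INTEGER, name TEXT, department TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_query_weak(role, sort_field):
    """Weak pattern: the projection respects attribute access, but ORDER BY is
    checked only against the schema. A caller can therefore sort by a column
    it cannot read, and the row order still depends on the hidden values."""
    if sort_field not in ALL_COLUMNS:
        raise ValueError("unknown attribute")
    cols = ", ".join(c for c in ALL_COLUMNS if c in READABLE_BY_ROLE[role])
    return f"SELECT {cols} FROM employee ORDER BY {sort_field}"


def build_query_hardened(role, sort_field):
    """Hardened pattern: the sort key must pass the same attribute-level read
    check as the projected columns. Both checks are allow-lists, so the SQL
    fragment is never built from an unvalidated caller-supplied name."""
    if sort_field not in ALL_COLUMNS:
        raise ValueError("unknown attribute")
    readable = READABLE_BY_ROLE[role]
    if sort_field not in readable:
        raise AccessDenied(f"role {role!r} may not sort by {sort_field!r}")
    cols = ", ".join(c for c in ALL_COLUMNS if c in readable)
    return f"SELECT {cols} FROM employee ORDER BY {sort_field}"


def run(conn, role, sort_field, hardened=True):
    """Execute a query for the given role, using either builder."""
    builder = build_query_hardened if hardened else build_query_weak
    return conn.execute(builder(role, sort_field)).fetchall()


def weak_leaks_order(conn):
    """True when an employee-role query sorted by the protected column comes
    back in salary order even though salary itself is not in the result."""
    rows = run(conn, "employee", "salary", hardened=False)
    names = [r[1] for r in rows]
    salary_order = [r[1] for r in sorted(SAMPLE_ROWS, key=lambda r: r[3])]
    return names == salary_order and all(len(r) == 3 for r in rows)


def hardened_rejects(conn):
    """True when the hardened builder refuses the protected sort key."""
    try:
        run(conn, "employee", "salary", hardened=True)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("weak builder leaks salary order:", weak_leaks_order(db))   # True
    print("hardened builder rejects:", hardened_rejects(db))          # True
    print("hr may still sort by salary:", run(db, "hr", "salary"))
```

The point of the hardened builder is that the sort key and the projected columns are governed by one access decision. Auditing for this class of issue means checking every place a caller-controlled attribute name reaches ORDER BY, GROUP BY or a filter, not only the SELECT list.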

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2022-04331
CVE-2022-25650

Affected Products

Mendix