PT-2022-3581 · Mendix · Mendix
Published
2022-04-12
·
Updated
2022-07-12
·
CVE-2022-27241
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mendix versions prior to 7.23.31
Mendix versions prior to 8.18.18
Mendix versions prior to 9.11
Mendix version 9.6 versions prior to 9.6.12
Description
The issue is related to insufficient protection of internal data in the Mendix platform, which can allow a remote attacker to disclose the structure of a created project. This could enable an unauthenticated remote attacker to read confidential information. Applications built with an affected system publicly expose the internal project structure.
Recommendations
For Mendix versions prior to 7.23.31, update to version 7.23.31 or later.
For Mendix versions prior to 8.18.18, update to version 8.18.18 or later.
For Mendix versions prior to 9.11, update to version 9.11 or later.
For Mendix version 9.6 versions prior to 9.6.12, update to version 9.6.12 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mendix