Filtered by vendor Mendix
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33712 | 1 Mendix | 1 Saml | 2021-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. | |||||
| CVE-2021-31339 | 1 Mendix | 1 Excel Importer | 2021-05-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework. | |||||
| CVE-2021-31341 | 1 Mendix | 1 Database Replication | 2021-05-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). | |||||
| CVE-2021-27394 | 1 Mendix | 1 Mendix | 2021-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. | |||||
| CVE-2020-8160 | 1 Mendix | 1 Mendixsso | 2021-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | |||||
| CVE-2019-12996 | 1 Mendix | 1 Mendix | 2019-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. | |||||