mendix 漏洞與 CVE 列表(30)

產品(CPE): — CVE 數: 30

mendix 漏洞概覽

彙總 mendix 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 跨站腳本、XXE與SSRF 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與檔案覆寫 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 213030 CVE 數
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2021-42026 A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them. [email protected] 4.3 0.55% 2021-11-09 2026-06-17
CVE-2021-42025 A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it. [email protected] 6.5 0.56% 2021-11-09 2026-06-17
CVE-2021-42015 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache. [email protected] 5.5 0.22% 2021-11-09 2026-06-17
CVE-2021-33712 A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. [email protected] 8.8 0.60% 2021-06-08 2026-06-16
CVE-2021-31341 Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). [email protected] 4.3 0.72% 2021-05-12 2026-06-16
CVE-2021-31339 A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework. [email protected] 4.3 0.76% 2021-05-12 2026-06-16
CVE-2021-27394 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them [email protected] 8.8 0.80% 2021-04-16 2026-06-16
CVE-2021-25672 A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. [email protected] 8.8 0.86% 2021-03-15 2026-06-16
CVE-2020-8160 MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. [email protected] 6.1 0.71% 2021-01-06 2026-06-16
CVE-2019-12996 In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. [email protected] 5.3 0.82% 2019-09-10 2026-06-16
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
cvelogic Threat Intelligence