CVE-2022-25650

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Applications using Mendix 7All versions < V7.23.27affected
SiemensMendix Applications using Mendix 8All versions < V8.18.14affected
SiemensMendix Applications using Mendix 9All versions < V9.12.0affected
SiemensMendix Applications using Mendix 9 (V9.6)All versions < V9.6.3affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References