CVE-2022-34466
N/A
N/A
Summary
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Mendix Applications using Mendix 9 | All versions >= V9.11 < V9.15 | affected |
| Siemens | Mendix Applications using Mendix 9 (V9.12) | All versions < V9.12.3 | affected |
Weaknesses
- CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.