CVE-2022-34467

Summary

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Excel Importer Module (Mendix 8 compatible)All versions < V9.2.2affected
SiemensMendix Excel Importer Module (Mendix 9 compatible)All versions < V10.1.2affected

Weaknesses

  • CWE-776: CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADP Enrichment

CVE Program Container

Additional References

References