Описание
In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.23.5 (включая)
cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918