CVE-2021-31341

Опубликовано: 12 мая 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mendix:database_replication:*:*:*:*:*:*:*:*

Версия до 7.0.1 (исключая)

EPSS

Процентиль: 42%

0.00199

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-209

Связанные уязвимости

GHSA-99j4-r9vg-37r9

github

больше 3 лет назад

A vulnerability has been identified in Mendix Database Replication (All versions < V7.0.1). Uploading a table mapping using a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.