CVE-2022-27241

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 9.11.0 (исключая)

EPSS

Процентиль: 67%

0.00537

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-97hm-cg72-fxrh

CVSS3: 7.5

github

почти 4 года назад

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.

BDU:2022-04365

CVSS3: 5.3

fstec