A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data.
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2022-03-08T11:31:29
Updated: 2024-08-03T04:07:02.516Z
Reserved: 2022-02-02T00:00:00
Link: CVE-2022-24309
NVD
Status: Modified
Published: 2022-03-08T12:15:11.580
Modified: 2024-05-14T16:15:21.660
Link: CVE-2022-24309