CVE-2022-27241 - OpenCVE

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mendix	Mendix

Configuration 1 [-]

cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-04-12T09:08:00

Updated: 2024-08-03T05:25:32.284Z

Reserved: 2022-03-18T00:00:00

Link: CVE-2022-27241

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-12T09:15:15.060

Modified: 2022-07-12T14:15:15.560

Link: CVE-2022-27241

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Mendix Applications using Mendix 7", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V7.23.31"}]}, {"product": "Mendix Applications using Mendix 8", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V8.18.18"}]}, {"product": "Mendix Applications using Mendix 9", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V9.11"}]}, {"product": "Mendix Applications using Mendix 9 (V9.6)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V9.6.12"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T10:06:37", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-27241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mendix Applications using Mendix 7", "version": {"version_data": [{"version_value": "All versions < V7.23.31"}]}}, {"product_name": "Mendix Applications using Mendix 8", "version": {"version_data": [{"version_value": "All versions < V8.18.18"}]}}, {"product_name": "Mendix Applications using Mendix 9", "version": {"version_data": [{"version_value": "All versions < V9.11"}]}}, {"product_name": "Mendix Applications using Mendix 9 (V9.6)", "version": {"version_data": [{"version_value": "All versions < V9.6.12"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:25:32.284Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-27241", "datePublished": "2022-04-12T09:08:00", "dateReserved": "2022-03-18T00:00:00", "dateUpdated": "2024-08-03T05:25:32.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC850CB1-4E44-4D38-90E2-48CA73A979A4", "versionEndExcluding": "9.11.0", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en las aplicaciones de Mendix que utilizan Mendix 7 (Todas las versiones anteriores a la versi\u00f3n V7.23.31), las aplicaciones de Mendix que utilizan Mendix 8 (Todas las versiones anteriores a la versi\u00f3n V8.18.18), las aplicaciones de Mendix que utilizan Mendix 9 (Todas las versiones anteriores a la versi\u00f3n V9.11), las aplicaciones de Mendix que utilizan Mendix 9 (V9.6) (Todas las versiones anteriores a la versi\u00f3n V9.6.12). Las aplicaciones construidas con un sistema afectado exponen p\u00fablicamente la estructura interna del proyecto. Esto podr\u00eda permitir a un atacante remoto no autentificado leer informaci\u00f3n confidencial"}], "id": "CVE-2022-27241", "lastModified": "2022-07-12T14:15:15.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T09:15:15.060", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "productcert@siemens.com", "type": "Secondary"}]}