Security Advisories

Last modified: November 14, 2023

1 Introduction

Mendix publishes security advisories by leveraging Siemens ProductCERT, which is a dedicated team of seasoned security experts that manages the receipt, investigation, internal coordination, and public reporting of security issues related to Siemens products, solutions, and services.

Mendix adds the CVSS score and CVSS vector for security vulnerabilities described in the Studio Pro release notes. Mendix also adds the Mendix-specific CVE IDs when they become available.

2 Security Advisory Details

CVE ID         | CVSS v3.1 Base Score | Siemens Security Advisory (SSA) Description                                       | Notes
---------------|----------------------|-----------------------------------------------------------------------------------|-------------------------------------------------
CVE-2023-4863  | 7.5                  | Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro         | See the SSA description for remediation details.
CVE-2023-45794 | 6.8                  | Privilege Escalation Vulnerability in Mendix Runtime                              | See the SSA description for remediation details.
CVE-2023-43623 | 5.3                  | User Enumeration Vulnerability in Mendix Forgot Password Module                   | See the SSA description for remediation details.
CVE-2023-29129 | 9.1                  | Authentication Bypass Vulnerability in Mendix SAML Module                         | See the SSA description for remediation details.
CVE-2023-25957 | 9.1                  | Authentication Bypass Vulnerability in Mendix SAML Module                         | See the SSA description for remediation details.
CVE-2023-27464 | 5.3                  | Observable Response Discrepancy in Mendix Forgot Password Module                  | See the SSA description for remediation details.
CVE-2023-23835 | 5.9                  | XPath Constraint Vulnerability in Mendix Runtime                                  | See the SSA description for remediation details.
CVE-2022-46823 | 9.3                  | Cross-Site Scripting Vulnerability in Mendix SAML Module                          | See the SSA description for remediation details.
CVE-2022-46664 | 8.1                  | Improper Access Control Vulnerability in Mendix Workflow Commons Module           | See the SSA description for remediation details.
CVE-2022-45936 | 8.1                  | Improper Access Control Vulnerability in Mendix Email Connector Module            | See the SSA description for remediation details.
CVE-2022-44457 | 7.4                  | Authentication Bypass Vulnerability in Mendix SAML                                | See the SSA description for remediation details.
CVE-2022-37011 | 7.4                  | Authentication Bypass Vulnerability in Mendix SAML                                | See the SSA description for remediation details.
CVE-2022-34466 | 6.5                  | Expression Injection Vulnerability in Mendix Applications                         | See the SSA description for remediation details.
CVE-2022-31257 | 4.9                  | Improper Access Control Vulnerability in Mendix                                   | See the SSA description for remediation details.
CVE-2022-34467 | 6.5                  | XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module      | See the SSA description for remediation details.
CVE-2022-32285 | 8.3                  | Privilege Escalation Vulnerability in Mendix SAML Module                          | See the SSA description for remediation details.
CVE-2022-32286 | 7.6                  | Privilege Escalation Vulnerability in Mendix SAML Module                          | See the SSA description for remediation details.
CVE-2022-25650 | 3.1                  | Improper Access Control Vulnerability in Mendix                                   | See the SSA description for remediation details.
CVE-2022-27241 | 5.3                  | Information Disclosure Vulnerability in Mendix                                    | See the SSA description for remediation details.
CVE-2022-26313 | 9.1                  | Vulnerability in Mendix Forgot Password Marketplace Module                        | See the SSA description for remediation details.
CVE-2022-26314 | 7.4                  | Vulnerability in Mendix Forgot Password Marketplace Module                        | See the SSA description for remediation details.
CVE-2022-24309 | 5.9                  | XPath Constraint Vulnerability in Mendix Runtime                                  | See the SSA description for remediation details.
CVE-2022-26317 | 7.7                  | Improper Access Control Vulnerability in Mendix                                   | See the SSA description for remediation details.
CVE-2021-42015 | 4.0                  | Information Disclosure Vulnerability in Mendix                                    | See the SSA description for remediation details.
CVE-2021-42025 | 5.3                  | Two Incorrect Authorization Vulnerabilities in Mendix                             | See the SSA description for remediation details.
CVE-2021-42026 | 3.1                  | Two Incorrect Authorization Vulnerabilities in Mendix                             | See the SSA description for remediation details.
CVE-2021-33718 | 5.3                  | Access Check Bypass Vulnerability in Mendix                                       | See the SSA description for remediation details.
CVE-2021-33712 | 8.1                  | Privilege Escalation Vulnerability in Mendix SAML Module                          | See the SSA description for remediation details.
CVE-2021-31339 | 4.3                  | Information Disclosure Vulnerability in Mendix Excel Importer Module              | See the SSA description for remediation details.
CVE-2021-31341 | 4.3                  | Information Disclosure Vulnerability in Mendix Database Replication Module        | See the SSA description for remediation details.
CVE-2021-27394 | 8.1                  | Privilege Escalation Vulnerability in Mendix                                      | See the SSA description for remediation details.
CVE-2021-25672 | 6.8                  | Mendix Forgot Password App Store Module                                           | See the SSA description for remediation details.

3 More Information