VDB
SSA-097435
PUBLISHED
CVSS 5.3 MEDIUM
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | Mendix Runtime V9 | |
| | Mendix Runtime V10 | |
| | Mendix Runtime V10.12 | |
| | Mendix Runtime V10.6 | |
| | Mendix Runtime V8 | |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-097435.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-097435.json (circl)
- https://docs.mendix.com/releasenotes/studio-pro/10/ (circl)
- https://docs.mendix.com/releasenotes/studio-pro/8/ (circl)
- https://docs.mendix.com/releasenotes/studio-pro/9/ (circl)
Timeline
- Sep 10, 2024 CVE Published
- Aug 12, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-097435.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-097435.json advisory
- https://docs.mendix.com/releasenotes/studio-pro/10/ fix
- https://docs.mendix.com/releasenotes/studio-pro/8/ fix
- https://docs.mendix.com/releasenotes/studio-pro/9/ fix