VDB
SSA-874353
PUBLISHED
CVSS 5.3 MEDIUM
Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Mendix Runtime V10.12 | |
| Siemens | Mendix Runtime V9 | |
| Siemens | Mendix Runtime V10.18 | |
| Siemens | Mendix Runtime V8 | |
| Siemens | Mendix Runtime V10.6 | |
| Siemens | Mendix Runtime V10 | |
Timeline
- Apr 8, 2025 CVE Published
- Jun 10, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-874353.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-874353.html advisory
- https://docs.mendix.com/releasenotes/studio-pro/10/ patch
- https://docs.mendix.com/releasenotes/studio-pro/ patch
- https://docs.mendix.com/releasenotes/studio-pro/8/ patch
- https://docs.mendix.com/releasenotes/studio-pro/9/ patch