Unrated severity · NVD Advisory · Published Feb 14, 2023 · Updated Mar 20, 2025
CVE-2023-23835
Description
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors.
Affected products
- Siemens/Mendix Applications using Mendix 7 · v5 · Range: All versions < V7.23.34
- Siemens/Mendix Applications using Mendix 8 · v5 · Range: All versions < V8.18.23
- Siemens/Mendix Applications using Mendix 9 · v5 · Range: All versions < V9.22.0
- Siemens/Mendix Applications using Mendix 9 (V9.12) · v5 · Range: All versions < V9.12.10
- Siemens/Mendix Applications using Mendix 9 (V9.18) · v5 · Range: All versions < V9.18.4
- Siemens/Mendix Applications using Mendix 9 (V9.6) · v5 · Range: All versions < V9.6.15