VYPR
Unrated severity · NVD Advisory · Published Feb 14, 2023 · Updated Mar 20, 2025

CVE-2023-23835

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors.

Affected products

7
  • Mendix/Mendix
    Range: < V7.23.34, < V8.18.23, < V9.22.0, < V9.12.10, < V9.18.4, < V9.6.15
  • Siemens/Mendix Applications using Mendix 7
    Range: All versions < V7.23.34
  • Siemens/Mendix Applications using Mendix 8
    Range: All versions < V8.18.23
  • Siemens/Mendix Applications using Mendix 9
    Range: All versions < V9.22.0
  • Siemens/Mendix Applications using Mendix 9 (V9.12)
    Range: All versions < V9.12.10
  • Siemens/Mendix Applications using Mendix 9 (V9.18)
    Range: All versions < V9.18.4
  • Siemens/Mendix Applications using Mendix 9 (V9.6)
    Range: All versions < V9.6.15
