CVE-2025-30280
CVE-2025-30280
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Siemens · Mendix Runtime V10Siemens · Mendix Runtime V10.12Siemens · Mendix Runtime V10.18Siemens · Mendix Runtime V10.6Siemens · Mendix Runtime V8Siemens · Mendix Runtime V9Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →