{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T08:11:38.931","vulnerabilities":[{"cve":{"id":"CVE-2023-23835","sourceIdentifier":"productcert@siemens.com","published":"2023-02-14T11:15:14.687","lastModified":"2024-11-21T07:46:55.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors."}],"metrics":{"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.2","versionEndExcluding":"7.23.34","matchCriteriaId":"43E9E16C-936B-47D4-B5C1-30EAF7F6B8AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.18.23","matchCriteriaId":"7A1ED592-BD7C-43FB-812E-15F579F8F40E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.6.15","matchCriteriaId":"B3CFFFE6-F0CD-4C06-B3D7-44F3FA84B346"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"9.7.0","versionEndExcluding":"9.12.10","matchCriteriaId":"DFBB912C-5B70-436C-A615-717C6C90E25C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.4","matchCriteriaId":"7AC5D595-F345-4533-BF6D-451CAFF17E13"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"9.19.0","versionEndExcluding":"9.22.0","matchCriteriaId":"9B9D7FEC-9D09-4CFD-AD46-880655E27898"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf","source":"productcert@siemens.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}