Mendix Runtime Entity Enumeration Vulnerability

Vulnerability

An entity enumeration vulnerability has been identified in Mendix Runtime V8, V9 (prior to V9.24.34), and V10 (prior to V10.21.0; the V10.6, V10.12, and V10.18 branches are affected and have their own fixed releases). Affected applications respond differently to certain client actions depending on whether the referenced entity or attribute name exists. Because that difference is observable without credentials, an unauthenticated remote attacker can use the response as an oracle to list all valid entity and attribute names in a Mendix Runtime-based application.
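
The mechanism described above, modelled as a toy in Python. This is an added example and not Mendix's client protocol or runtime code: the data model, the request shape (entity name plus optional attribute name), the access rule, and the handler and function names are all constructed. A handler that reports whether a name exists before applying the access rule hands an unauthenticated caller an oracle; a handler that returns one uniform response for unknown and forbidden names does not.

```python
"""Toy model of an entity/attribute enumeration oracle.

Added illustration, not Mendix's client protocol or runtime code: the data
model, the request shape, the handler logic and all names are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Constructed data model: entity -> attribute names.
MODEL = {
    "Customer": {"Name", "Email"},
    "Order": {"Number", "Total"},
    "ApiKey": {"Secret"},
}
# Constructed access rule: only "Order" is readable by an anonymous caller.
ANON_READABLE = {"Order"}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def handle_vulnerable(entity: str, attribute: Optional[str] = None) -> Response:
    """Leaky handler: existence of the entity and attribute is reported
    before the access rule is applied, so unknown and forbidden names
    produce different responses."""
    if entity not in MODEL:
        return Response(400, f"Unknown entity {entity}")
    if attribute is not None and attribute not in MODEL[entity]:
        return Response(400, f"Unknown attribute {attribute} on {entity}")
    if entity not in ANON_READABLE:
        return Response(403, "Access denied")
    return Response(200, "[...]")


def handle_hardened(entity: str, attribute: Optional[str] = None) -> Response:
    """Uniform handler: anything outside the caller's allowed set, whether
    unknown or merely forbidden, gets the same status and body."""
    allowed = entity in ANON_READABLE and (
        attribute is None or attribute in MODEL[entity]
    )
    if allowed:
        return Response(200, "[...]")
    return Response(403, "Access denied")


Handler = Callable[..., Response]


def probe(handler: Handler, candidates: Iterable[str],
          entity: Optional[str] = None,
          baseline: str = "__nonexistent__") -> List[str]:
    """Return the candidate names whose response differs from the response
    for an implausible baseline name. With entity=None the candidates are
    entity names; otherwise they are attribute names of that entity.
    Echoed names are masked so only a real difference in status or
    message is compared."""
    def fingerprint(name: str):
        resp = handler(entity, name) if entity is not None else handler(name)
        return resp.status, resp.body.replace(name, "<name>")

    base = fingerprint(baseline)
    return sorted(c for c in candidates if fingerprint(c) != base)


if __name__ == "__main__":
    guesses = ["Customer", "Order", "Invoice", "ApiKey", "Session"]
    print("vulnerable entities:", probe(handle_vulnerable, guesses))
    print("hardened entities:  ", probe(handle_hardened, guesses))
    attrs = ["Name", "Email", "Phone", "Secret"]
    print("vulnerable Customer attrs:", probe(handle_vulnerable, attrs, entity="Customer"))
    print("hardened Customer attrs:  ", probe(handle_hardened, attrs, entity="Customer"))
```

Against the leaky handler the probe recovers the attribute names of Customer, an entity the anonymous caller cannot read at all; against the hardened handler it recovers only what the caller is allowed to see anyway. The same comparison (one known-bad name as a baseline, candidates judged by whether their response differs) is the quick way to confirm, after patching, that a deployed application no longer behaves as an oracle.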

Impact

Exploitation leaks the application's data model: without an account, an attacker learns every valid entity and attribute name, not only those the anonymous user is permitted to read. On its own the issue discloses names rather than the records stored in those entities, but those names are reconnaissance that narrows follow-on attacks against the application's entities, endpoints, and access rules.

Remediation

Mendix Runtime V9: update to V9.24.34 or later.
Mendix Runtime V10: update to V10.21.0 or later. The V10.6, V10.12, and V10.18 branches have their own fixed releases: update to V10.6.22, V10.12.16, and V10.18.5 respectively.
Mendix Runtime V8: listed as affected above, but this page gives no fixed release for it.
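
A check of a deployed runtime's version against the fixed releases above, as an added example. This is not Mendix or Siemens tooling: the fixed versions are the ones stated on this page, while the function names and sample inputs are assumed.

```python
"""Check a Mendix Runtime version against the fixed releases listed in the
Remediation section above.

Added illustration, not Mendix or Siemens tooling. The fixed versions are the
ones stated on this page; function names and sample inputs are assumed.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Branches with a dedicated fixed release (from the Remediation section).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (10, 6): (10, 6, 22),
    (10, 12): (10, 12, 16),
    (10, 18): (10, 18, 5),
}
# Fixed release for the major version when no branch-specific entry applies.
FIXED_BY_MAJOR: Dict[int, Version] = {
    9: (9, 24, 34),
    10: (10, 21, 0),
}
# Listed as affected above, but the page gives no fixed release for it.
AFFECTED_NO_FIX = {8}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into (major, minor, patch). Missing trailing
    components default to 0; a fourth (build) component, if present, is ignored."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Mendix Runtime version string: {text!r}")
    nums = [int(p) for p in parts] + [0, 0]
    return nums[0], nums[1], nums[2]


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(text: str) -> dict:
    """Return whether the version is affected per this page and, if so, the
    release to update to (None when the page lists no fixed release)."""
    v = parse_version(text)
    major, minor, _ = v
    if major in AFFECTED_NO_FIX:
        return {"version": text, "affected": True, "update_to": None,
                "note": "listed as affected; no fixed release given on this page"}
    target: Optional[Version] = (
        FIXED_BY_BRANCH.get((major, minor)) or FIXED_BY_MAJOR.get(major)
    )
    if target is None:
        return {"version": text, "affected": False, "update_to": None,
                "note": "major version not in the affected list"}
    if v >= target:
        return {"version": text, "affected": False, "update_to": None,
                "note": f"at or above fixed release {fmt(target)}"}
    return {"version": text, "affected": True, "update_to": fmt(target),
            "note": f"below fixed release {fmt(target)}"}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["9.24.33", "10.12.15.1234", "10.13.0", "10.18.5", "8.18.0", "11.0.0"]:
        r = assess(sample)
        print(f"{sample:16} affected={r['affected']!s:5} update_to={r['update_to']}  ({r['note']})")
```

The branch lookup comes first so that a V10.12 deployment is told to move to V10.12.16 rather than to V10.21.0; any other V10 minor falls through to the V10.21.0 target. A V8 result with no update target reflects the page, which lists V8 as affected without a fixed release.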

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          0.8
impact          0.6
exploitability  8.1
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.