CVE-2022-34467
MEDIUMMendix Excel Importer < 9.2.2 - XML Entity Expansion Injection
Title source: llmDescription
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf
Scores
CVSS v3
6.5
EPSS
0.0065
EPSS Percentile
46.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
Status
published
Products (1)
mendix/excel_importer
< 9.2.2
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026