CVE-2022-34467
MEDIUM
Mendix Excel Importer < 9.2.2 - XML Entity Expansion
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.
Scores
CVSS v3
6.5
EPSS
0.0044
EPSS Percentile
63.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
Status
published
Products (1)
mendix/excel_importer
< 9.2.2
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026