Publication Date: 2022-04-12
Last Update: 2022-06-14
Current Version: V1.1
CVSS v3.1 Base Score: 5.3

Affected Product and Versions Remediation
Mendix Applications using Mendix 7:
All versions < V7.23.31
Update your Mendix Project to V7.23.31 or later version and redeploy your application
https://docs.mendix.com/releasenotes/studio-pro/7/
Mendix Applications using Mendix 8:
All versions < V8.18.18
Update your Mendix Project to V8.18.18 or later version and redeploy your application
https://docs.mendix.com/releasenotes/studio-pro/8/
Mendix Applications using Mendix 9:
All versions < V9.11
Update your Mendix Project to V9.11 or later version and redeploy your application
https://docs.mendix.com/releasenotes/studio-pro/9/
Mendix Applications using Mendix 9 (V9.6):
All versions
Currently no fix is available
See recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 5.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

https://www.siemens.com/cert/advisories