Vulnerabilites related to Siemens - Mendix Excel Importer Module (Mendix 9 compatible)
CVE-2022-34467 (GCVE-0-2022-34467)
Vulnerability from cvelistv5
Published
2022-07-12 10:07
Modified
2024-08-03 09:15
Severity ?
CWE
  • CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Summary
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component.
References
Impacted products
Vendor Product Version
Siemens Mendix Excel Importer Module (Mendix 8 compatible) Version: All versions < V9.2.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:15.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mendix Excel Importer Module (Mendix 8 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.2.2"
            }
          ]
        },
        {
          "product": "Mendix Excel Importer Module (Mendix 9 compatible)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V10.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions \u003c V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions \u003c V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-776",
              "description": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T10:07:23",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-34467",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mendix Excel Importer Module (Mendix 8 compatible)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V9.2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Mendix Excel Importer Module (Mendix 9 compatible)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V10.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions \u003c V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions \u003c V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-34467",
    "datePublished": "2022-07-12T10:07:23",
    "dateReserved": "2022-06-24T00:00:00",
    "dateUpdated": "2024-08-03T09:15:15.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}