Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用硬编码、安全相关的常数
Vulnerability Title
Siemens Mendix 安全漏洞
Vulnerability Description
Siemens Mendix是德国西门子(Siemens)公司的一套低代码应用程序开发平台。该平台提供应用程序开发、测试、部署和迭代等功能。 Siemens Mendix V10.0.0 版本到 V10.0.2 版本存在安全漏洞,该漏洞源于受影响的模块版本为 EncryptionKey 常量定义了一个特定的硬编码默认值,该值用于未指定单个 EncryptionKey 的项目。这可能允许攻击者解密任何加密的项目数据,因为默认加密密钥可以被视为已泄露。
CVSS Information
N/A
Vulnerability Type
N/A