CVE-2022-27241: 
Mendix vulnerability analysis and mitigation

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix 8 (All versions < V8.18.18), Mendix 9 (All versions < V9.11), and Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure, which could allow an unauthenticated remote attacker to read confidential information (CISA Advisory).

The vulnerability has been assigned a CVSS v3 base score of 5.3, with the vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality (CISA Advisory).

The primary impact of this vulnerability is the potential exposure of confidential information. An unauthenticated remote attacker could access and read internal project structure information that should not be publicly accessible (CISA Advisory).

Siemens has released updates to address this vulnerability. Users should update to the following versions: Mendix 7 users should update to Version 7.23.31 or later, Mendix 8 users should update to Version 8.18.18 or later, Mendix 9 users should update to Version 9.11 or later, and Mendix 9 (v9.6) users should update to Version 9.6.12 or later (CISA Advisory).