Siemens Mendix Excel Importer Module is vulnerable to a denial of service, caused by an XML entity expansion vulnerability. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Siemens Mendix Applications using Mendix 9 could allow a remote authenticated attacker to obtain sensitive information, caused by an expression injection vulnerability in the Workflow processing. By using the Workflow visual language, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.