Overview
- Description
- A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- productcert@siemens.com
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A25B23A6-DFBF-46B4-BF0C-5819189EB009",
"versionEndExcluding": "7.32.31",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8471E2B7-B69D-4D3F-AA7C-B953F28E6D6E",
"versionEndExcluding": "8.18.18",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB45CC2F-34B6-4824-8DFC-E571C3F1E873",
"versionEndExcluding": "9.6.12",
"versionStartIncluding": "9.6.0"
},
{
"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11365A01-2860-4627-8947-1FDB3DC0C454",
"versionEndExcluding": "9.12.2",
"versionStartIncluding": "9.12.0"
},
{
"criteria": "cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6942480-6F30-4C74-81DB-ED498BCA42F2",
"versionEndExcluding": "9.14.0",
"versionStartIncluding": "9.13.0"
}
],
"operator": "OR"
}
]
}
]