CVE-2022-26313

Summary

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Forgot Password Appstore moduleAll versions >= V3.3.0 < V3.5.1affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References