CVE-2022-31257

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Applications using Mendix 7All versions < V7.23.31affected
SiemensMendix Applications using Mendix 8All versions < V8.18.18affected
SiemensMendix Applications using Mendix 9All versions < V9.14.0affected
SiemensMendix Applications using Mendix 9 (V9.12)All versions < V9.12.2affected
SiemensMendix Applications using Mendix 9 (V9.6)All versions < V9.6.12affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References