CVE-2022-31257
N/A
N/A
Summary
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Mendix Applications using Mendix 7 | All versions < V7.23.31 | affected |
| Siemens | Mendix Applications using Mendix 8 | All versions < V8.18.18 | affected |
| Siemens | Mendix Applications using Mendix 9 | All versions < V9.14.0 | affected |
| Siemens | Mendix Applications using Mendix 9 (V9.12) | All versions < V9.12.2 | affected |
| Siemens | Mendix Applications using Mendix 9 (V9.6) | All versions < V9.6.12 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.