CVE-2022-44457
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option 'Allow Idp Initiated Authentication' is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) | All versions < V1.17.0 | affected |
| Siemens | Mendix SAML (Mendix 7 compatible) | All versions >= V1.17.0 < V1.17.2 | affected |
| Siemens | Mendix SAML (Mendix 8 compatible) | All versions < V2.3.0 | affected |
| Siemens | Mendix SAML (Mendix 8 compatible) | All versions >= V2.3.0 < V2.3.2 | affected |
| Siemens | Mendix SAML (Mendix 9 compatible, New Track) | All versions < V3.3.1 | affected |
| Siemens | Mendix SAML (Mendix 9 compatible, New Track) | All versions >= V3.3.1 < V3.3.5 | affected |
| Siemens | Mendix SAML (Mendix 9 compatible, Upgrade Track) | All versions < V3.3.0 | affected |
| Siemens | Mendix SAML (Mendix 9 compatible, Upgrade Track) | All versions >= V3.3.0 < V3.3.4 | affected |
Weaknesses
- CWE-294: CWE-294: Authentication Bypass by Capture-replay
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.