CVE-2022-46664

Summary

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities.

This could allow authenticated remote attackers to read or delete sensitive information.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Workflow CommonsAll versions < V2.4.0affected
SiemensMendix Workflow Commons V2.1All versions < V2.1.4affected
SiemensMendix Workflow Commons V2.3All versions < V2.3.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References