Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Aug 3, 2024
CVE-2022-26314
CVE-2022-26314
Description
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.
Affected products
3>=3.3.0 <3.5.1; <3.2.2 (Mendix 7 compatible)+ 2 more
- (no CPE)range: >=3.3.0 <3.5.1; <3.2.2 (Mendix 7 compatible)
- (no CPE)range: All versions >= V3.3.0 < V3.5.1
- (no CPE)range: All versions < V3.2.2
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/pdf/ssa-134279.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.