Unrated severity · NVD Advisory · Published Jul 12, 2022 · Updated Aug 3, 2024

CVE-2022-31257

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Given access to an active user session in an application built with an affected version, it is possible to change that user’s password, bypassing the password validations within a Mendix application. This could allow weak passwords to be set.

Affected products (6)

  • Mendix/Mendix [llm-fuzzy]
    Range: <7.23.31 / <8.18.18 / <9.14.0 (for 9.x) / <9.12.2 (9.12) / <9.6.12 (9.6)
  • Siemens/Mendix Applications using Mendix 7 [v5]
    Range: All versions < V7.23.31
  • Siemens/Mendix Applications using Mendix 8 [v5]
    Range: All versions < V8.18.18
  • Siemens/Mendix Applications using Mendix 9 [v5]
    Range: All versions < V9.14.0
  • Siemens/Mendix Applications using Mendix 9 (V9.12) [v5]
    Range: All versions < V9.12.2
  • Siemens/Mendix Applications using Mendix 9 (V9.6) [v5]
    Range: All versions < V9.6.12
