Unrated severity · NVD Advisory · Published Jul 12, 2022 · Updated Aug 3, 2024
CVE-2022-31257
Description
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). With access to an active user session in an application that is built with an affected version, it is possible to change that user's password while bypassing the password validations within the Mendix application. This could allow weak passwords to be set.
Affected products
- Siemens/Mendix Applications using Mendix 7. Range: All versions < V7.23.31
- Siemens/Mendix Applications using Mendix 8. Range: All versions < V8.18.18
- Siemens/Mendix Applications using Mendix 9. Range: All versions < V9.14.0
- Siemens/Mendix Applications using Mendix 9 (V9.12). Range: All versions < V9.12.2
- Siemens/Mendix Applications using Mendix 9 (V9.6). Range: All versions < V9.6.12
References
- cert-portal.siemens.com/productcert/pdf/ssa-433782.pdf (mitre, x_refsource_MISC)