VYPR
Unrated severity · NVD Advisory · Published Jun 14, 2022 · Updated Aug 3, 2024

CVE-2022-32285

Description

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitization. This may allow an attacker to disclose confidential data under certain circumstances.

Affected products

  • Siemens Foundation/Mendix SAML (4 versions)
    All versions < V1.16.6 (Mendix 7 compatible), < V2.2.2 (Mendix 8 compatible), < V3.2.3 (Mendix 9 compatible)
    • (no CPE) range: All versions < V1.16.6 (Mendix 7 compatible), < V2.2.2 (Mendix 8 compatible), < V3.2.3 (Mendix 9 compatible)
    • (no CPE) range: All versions < V1.16.6
    • (no CPE) range: All versions < V2.2.2
    • (no CPE) range: All versions < V3.2.3
