VYPR
Unrated severityNVD Advisory· Published Nov 8, 2022· Updated May 1, 2025

CVE-2022-44457

CVE-2022-44457

Description

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option 'Allow Idp Initiated Authentication' is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.

Affected products

5
  • Range: <3.3.4
  • Siemens/Mendix SAML (Mendix 7 compatible)v5
    Range: All versions >= V1.17.0 < V1.17.2
  • Siemens/Mendix SAML (Mendix 8 compatible)v5
    Range: All versions >= V2.3.0 < V2.3.2
  • Siemens/Mendix SAML (Mendix 9 compatible, New Track)v5
    Range: All versions >= V3.3.1 < V3.3.5
  • Siemens/Mendix SAML (Mendix 9 compatible, Upgrade Track)v5
    Range: All versions >= V3.3.0 < V3.3.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.