VYPR

Forgot Password Appstore module

by Mendix

CVEs (3)

  • CVE-2022-26314CriMar 8, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an…

  • CVE-2022-26313CriMar 8, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

  • CVE-2021-25672HigMar 15, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.