CVE-2022-31257
Published: Jul 12, 2022
Modified: Aug 3, 2024
Description
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). With access to an active user session in an application built with an affected version, it is possible to change that user's password while bypassing the password validations within the Mendix application. This could allow weak passwords to be set.
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Mendix Applications using Mendix 7 | affected All versions < V7.23.31 |
| Siemens | Mendix Applications using Mendix 8 | affected All versions < V8.18.18 |
| Siemens | Mendix Applications using Mendix 9 | affected All versions < V9.14.0 |
| Siemens | Mendix Applications using Mendix 9 (V9.12) | affected All versions < V9.12.2 |
| Siemens | Mendix Applications using Mendix 9 (V9.6) | affected All versions < V9.6.12 |
Weaknesses (CWE)
References