CVE-2022-44457
Published: Nov 8, 2022
Modified: May 1, 2025
Description
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
| Vendor | Product | Versions |
|---|---|---|
Siemens | Mendix SAML (Mendix 7 compatible) | affected All versions < V1.17.0 |
Siemens | Mendix SAML (Mendix 7 compatible) | affected All versions >= V1.17.0 < V1.17.2 |
Siemens | Mendix SAML (Mendix 8 compatible) | affected All versions < V2.3.0 |
Siemens | Mendix SAML (Mendix 8 compatible) | affected All versions >= V2.3.0 < V2.3.2 |
Siemens | Mendix SAML (Mendix 9 compatible, New Track) | affected All versions < V3.3.1 |
Siemens | Mendix SAML (Mendix 9 compatible, New Track) | affected All versions >= V3.3.1 < V3.3.5 |
Siemens | Mendix SAML (Mendix 9 compatible, Upgrade Track) | affected All versions < V3.3.0 |
Siemens | Mendix SAML (Mendix 9 compatible, Upgrade Track) | affected All versions >= V3.3.0 < V3.3.4 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now