Search criteria
6 vulnerabilities found for Mendix SAML (Mendix 9 compatible, Upgrade Track) by Siemens
CVE-2022-46823 (GCVE-0-2022-46823)
Vulnerability from cvelistv5 – Published: 2023-01-10 11:39 – Updated: 2025-04-09 14:01
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
Severity ?
9.3 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 8 compatible) |
Affected:
All versions >= V2.3.0 < V2.3.4
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:01:19.219213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:01:27.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.0 \u003c V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T11:39:46.211Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-46823",
"datePublished": "2023-01-10T11:39:46.211Z",
"dateReserved": "2022-12-08T15:19:35.234Z",
"dateUpdated": "2025-04-09T14:01:27.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44457 (GCVE-0-2022-44457)
Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-05-01 18:07
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
Severity ?
9.8 (Critical)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Affected:
All versions < V1.17.0
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:07:08.237002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:07:21.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.17.0 \u003c V1.17.2"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.2"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.1 \u003c V3.3.5"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions \u003e= V1.17.0 \u003c V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.1 \u003c V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-44457",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-10-31T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:07:21.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37011 (GCVE-0-2022-37011)
Vulnerability from cvelistv5 – Published: 2022-09-13 00:00 – Updated: 2024-08-03 10:21
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.
Severity ?
No CVSS data available.
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Affected:
All versions < V1.17.0
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-37011",
"datePublished": "2022-09-13T00:00:00",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46823 (GCVE-0-2022-46823)
Vulnerability from nvd – Published: 2023-01-10 11:39 – Updated: 2025-04-09 14:01
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
Severity ?
9.3 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 8 compatible) |
Affected:
All versions >= V2.3.0 < V2.3.4
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:01:19.219213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:01:27.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.0 \u003c V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T11:39:46.211Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-46823",
"datePublished": "2023-01-10T11:39:46.211Z",
"dateReserved": "2022-12-08T15:19:35.234Z",
"dateUpdated": "2025-04-09T14:01:27.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44457 (GCVE-0-2022-44457)
Vulnerability from nvd – Published: 2022-11-08 00:00 – Updated: 2025-05-01 18:07
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
Severity ?
9.8 (Critical)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Affected:
All versions < V1.17.0
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:07:08.237002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:07:21.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.17.0 \u003c V1.17.2"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.2"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.1 \u003c V3.3.5"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions \u003e= V1.17.0 \u003c V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.1 \u003c V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-44457",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-10-31T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:07:21.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37011 (GCVE-0-2022-37011)
Vulnerability from nvd – Published: 2022-09-13 00:00 – Updated: 2024-08-03 10:21
VLAI?
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.
Severity ?
No CVSS data available.
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Affected:
All versions < V1.17.0
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-37011",
"datePublished": "2022-09-13T00:00:00",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}