Refine your search
3 vulnerabilities found for Mendix SAML (Mendix 9 compatible, New Track) by Siemens
CVE-2022-46823 (GCVE-0-2022-46823)
Vulnerability from cvelistv5
Published
2023-01-10 11:39
Modified
2025-04-09 14:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 8 compatible) |
Version: All versions >= V2.3.0 < V2.3.4 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:01:19.219213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:01:27.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.0 \u003c V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T11:39:46.211Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-46823",
"datePublished": "2023-01-10T11:39:46.211Z",
"dateReserved": "2022-12-08T15:19:35.234Z",
"dateUpdated": "2025-04-09T14:01:27.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44457 (GCVE-0-2022-44457)
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2025-05-01 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Version: All versions < V1.17.0 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:07:08.237002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:07:21.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.17.0 \u003c V1.17.2"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3.0 \u003c V2.3.2"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.1 \u003c V3.3.5"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.3.0 \u003c V3.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions \u003e= V1.17.0 \u003c V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions \u003e= V2.3.0 \u003c V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003e= V3.3.1 \u003c V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003e= V3.3.0 \u003c V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-44457",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-10-31T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:07:21.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37011 (GCVE-0-2022-37011)
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Summary
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix SAML (Mendix 7 compatible) |
Version: All versions < V1.17.0 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mendix SAML (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.17.0"
}
]
},
{
"product": "Mendix SAML (Mendix 8 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.0"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, New Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.1"
}
]
},
{
"product": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions \u003c V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions \u003c V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions \u003c V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions \u003c V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `\u0027Allow Idp Initiated Authentication\u0027` is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-37011",
"datePublished": "2022-09-13T00:00:00.000Z",
"dateReserved": "2022-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:21:32.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}