VDB

CISA-2023-49069

CISA-2023-49069 PUBLISHED CVSS 5.3 MEDIUM

Reported by siemens · Published September 10, 2024

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
SiemensMendix Runtime V100
SiemensMendix Runtime V10.120
SiemensMendix Runtime V10.60
SiemensMendix Runtime V80
SiemensMendix Runtime V90
SiemensMendix Runtime V80, 0
SiemensMendix Runtime V10.120, 0
SiemensMendix Runtime V100, 0
SiemensMendix Runtime V10.60, 0
siemensmendix8.0, 10.0, 10.7
SiemensMendix Runtime V90, 0

Timeline

  • Sep 10, 2024 CVE Published
  • Jan 14, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›