VDB
CISA-2024-39888
CISA-2024-39888
PUBLISHED
CVSS 7.5 HIGH
Reported by siemens · Published July 9, 2024
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Mendix Encryption | V10.0.0 |
| Siemens | Mendix Encryption | V10.0.0, V10.0.0 |
| siemens | mendix_encryption | V10.0.0, V10.0.0 |
Timeline
- Jul 9, 2024 CVE Published
- Aug 27, 2025 CVE Updated