VDB

CISA-2024-39888

CISA-2024-39888 PUBLISHED CVSS 7.5 HIGH

Reported by siemens · Published July 9, 2024

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
SiemensMendix EncryptionV10.0.0
SiemensMendix EncryptionV10.0.0, V10.0.0
siemensmendix_encryptionV10.0.0, V10.0.0

Timeline

  • Jul 9, 2024 CVE Published
  • Aug 27, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›