VDB
CNVD-2023-48547
CNVD-2023-48547
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Mendix SAML module允许您在云应用程序中使用SAML对用户进行身份验证。该模块可以与任何支持SAML2.0或Shibboleth的身份提供程序通信。 Siemens Mendix SAML存在身份验证绕过漏洞,攻击者可利用该漏洞绕过身份验证并访问应用程序。
Risk Scores
CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Mendix SAML (Mendix 9.12/9.18 compatible, New Track) | * |
| Siemens | Mendix SAML (Mendix 9 latest compatible, Upgrade Track) | All versions >= V3.3.0 < V3.6.0, All versions >= V3.1.8 < V3.3.0 |
| Siemens | Mendix SAML (Mendix 9.6 compatible, Upgrade Track) | All versions >= V3.1.8 < V3.2.6 |
| Siemens | Mendix SAML (Mendix 7 compatible) | All versions >= V1.16.4 < V1.17.3, * |
| Siemens | Mendix SAML (Mendix 9 latest compatible, New Track) | All versions >= V3.1.9 < V3.3.1, All versions >= V3.3.1 < V3.6.1 |
| Siemens | Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) | All versions >= V3.3.0 < V3.3.14 |
| Siemens | Mendix SAML (Mendix 8 compatible) | All versions >= V2.2.0 < V2.3.0, All versions >= V2.3.0 < V2.4.0 |
| Siemens | Mendix SAML (Mendix 9.6 compatible, New Track) | * |
Timeline
- Mar 14, 2023 CVE Published