CVE-2023-29129 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-29129 PUBLISHED CVSS 9.100000381469727 CRITICAL

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.

EPSS 0.08% · 23.1th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

EPSS Score

0.08%

23.1th percentile

Affected Products

Vendor	Product	Versions
Siemens	Mendix SAML (Mendix 9.12/9.18 compatible, New Track)	All versions >= V3.3.1 < V3.3.15, All versions >= V3.3.1 < V3.3.15
Siemens	Mendix SAML (Mendix 8 compatible)	All versions >= V2.3.0 < V2.4.0, All versions >= V2.2.0 < V2.3.0, All versions >= V2.3.0 < V2.4.0
Siemens	Mendix SAML (Mendix 9 latest compatible, New Track)	All versions >= V3.1.9 < V3.3.1, All versions >= V3.3.1 < V3.6.1, All versions >= V3.3.1 < V3.6.1
Siemens	Mendix SAML (Mendix 9.6 compatible, New Track)	All versions >= V3.1.9 < V3.2.7, All versions >= V3.1.9 < V3.2.7
Siemens	Mendix SAML (Mendix 9 latest compatible, Upgrade Track)	All versions >= V3.1.8 < V3.3.0, All versions >= V3.3.0 < V3.6.0, All versions >= V3.3.0 < V3.6.0
Siemens	Mendix SAML (Mendix 9.6 compatible, Upgrade Track)	All versions >= V3.1.8 < V3.2.6, All versions >= V3.1.8 < V3.2.6
mendix	saml	3.1.8, 3.1.8, 1.16.4
Siemens	Mendix SAML (Mendix 7 compatible)	All versions >= V1.16.4 < V1.17.3, All versions >= V1.17.3 < V1.18.0, All versions >= V1.16.4 < V1.17.3
Siemens	Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track)	All versions >= V3.3.0 < V3.3.14, All versions >= V3.3.0 < V3.3.14

Timeline

Jun 13, 2023 CVE Published
Jun 14, 2023 EPSS Score
Jul 19, 2023 EPSS Score
Aug 23, 2023 EPSS Score
Sep 27, 2023 EPSS Score
Nov 1, 2023 EPSS Score
Dec 6, 2023 EPSS Score
Jan 10, 2024 EPSS Score
Feb 14, 2024 EPSS Score
Mar 20, 2024 EPSS Score
Apr 24, 2024 EPSS Score
May 29, 2024 EPSS Score

References

Open in Interactive Console →