VDB

CVE-2023-49069

CVE-2023-49069 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.

EPSS 0.35% · 57.8th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.35%
57.8th percentile

Affected Products

VendorProductVersions
SiemensMendix Runtime V80, 0
SiemensMendix Runtime V90, 0
SiemensMendix Runtime V10.60, 0
SiemensMendix Runtime V10.120, 0
siemensmendix10.13, 10.7, 8.0
SiemensMendix Runtime V100, 0

Exploit Intelligence

Timeline

  • Sep 10, 2024 CVE Published
  • Sep 11, 2024 EPSS Score
  • Oct 1, 2024 EPSS Score
  • Oct 5, 2024 Coalition ESS Score
  • Oct 16, 2024 Coalition ESS Score
  • Oct 21, 2024 EPSS Score
  • Nov 9, 2024 EPSS Score
  • Nov 12, 2024 Coalition ESS Score
  • Nov 15, 2024 Coalition ESS Score
  • Nov 29, 2024 EPSS Score
  • Dec 20, 2024 EPSS Score
  • Jan 9, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›