VDB

CVE-2024-50313

CVE-2024-50313 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.

EPSS 0.56% · 68.6th percentile

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.56%
68.6th percentile

Affected Products

VendorProductVersions
SiemensMendix Runtime V90
SiemensMendix Runtime V100
mendixmendix8.0.0, 10.0.0, 10.13.0
SiemensMendix Runtime V10.60
SiemensMendix Runtime V10.120
SiemensMendix Runtime V80

Timeline

  • Nov 12, 2024 Coalition ESS Score
  • Nov 12, 2024 CVE Published
  • Nov 12, 2024 PoC Published
  • Nov 12, 2024 PoC Published
  • Nov 13, 2024 EPSS Score
  • Nov 14, 2024 PoC Published
  • Nov 15, 2024 Coalition ESS Score
  • Dec 2, 2024 EPSS Score
  • Dec 19, 2024 EPSS Score
  • Jan 6, 2025 EPSS Score
  • Jan 23, 2025 EPSS Score
  • Jan 27, 2025 Coalition ESS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›