Vulnetix
Try Vulnetix Request Demo
SSA-914892 PUBLISHED CVSS 5.300000190734863 MEDIUM

The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Mendix Runtime V10.12
Mendix Runtime V10.6
Mendix Runtime V9
Mendix Runtime V10
Mendix Runtime V8

Timeline

References

Open in Interactive Console →