The vulnerability of the SAML implementation for the application’s single-input module in the Mendix software development and application testing platform allows a perpetrator to gain unauthorized access to the application.

🗓️ 28 Jun 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

SAML and SSO vulnerabilities in Mendix allow unauthorized application access due to authentication errors.

Reporter	Title	Published	Views	Family All 10
CNNVD	Siemens Mendix SAML Module 授权问题漏洞	13 Jun 202300:00	–	cnnvd
CNVD	Siemens Mendix SAML Authentication Bypass Vulnerability	14 Jun 202300:00	–	cnvd
CVE	CVE-2023-29129	13 Jun 202308:17	–	cve
Cvelist	CVE-2023-29129	13 Jun 202308:17	–	cvelist
EUVD	EUVD-2023-32732	3 Oct 202520:07	–	euvd
NVD	CVE-2023-29129	13 Jun 202309:15	–	nvd
Prion	Authentication flaw	13 Jun 202309:15	–	prion
Positive Technologies	PT-2023-3305 · Mendix · Mendix Saml	14 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-29129	9 Jan 202609:00	–	redhatcve
Vulnrichment	CVE-2023-29129	13 Jun 202308:17	–	vulnrichment

Vulners

Node

siemens_ag mendix_samlRange1.17.3–1.18.0

OR

siemens_ag mendix_samlRange1.16.4–1.17.3

OR

siemens_ag mendix_samlRange2.3.0–2.4.0

OR

siemens_ag mendix_samlRange2.2.0–2.3.0

OR

siemens_ag mendix_samlRange3.3.1–3.6.1

OR

siemens_ag mendix_samlRange3.1.9–3.3.1

OR

siemens_ag mendix_samlRange3.3.0–3.6.0

OR

siemens_ag mendix_samlRange3.1.8–3.3.0

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf
vuldb	www.vuldb.com/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022051008
web	www.web.nvd.nist.gov/view/vuln/detail

28 Jun 2023 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 39.1

CVSS 29.4

EPSS0.00888

mendix vulnerability single sign on authentication error unauthorized access