Lucene search

K
cveSiemensCVE-2022-32286
HistoryJun 14, 2022 - 10:15 a.m.

CVE-2022-32286

2022-06-1410:15:21
CWE-79
siemens
web.nvd.nist.gov
38
3
mendix
saml module
vulnerability
xss
mendix 7
mendix 8
mendix 9
cve-2022-32286

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

Affected configurations

Nvd
Node
mendixsamlRange<1.16.6
OR
mendixsamlRange2.0.02.2.2
OR
mendixsamlRange3.0.03.2.3
VendorProductVersionCPE
mendixsaml*cpe:2.3:a:mendix:saml:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Mendix SAML Module (Mendix 7 compatible)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1.16.6"
      }
    ]
  },
  {
    "product": "Mendix SAML Module (Mendix 8 compatible)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.2.2"
      }
    ]
  },
  {
    "product": "Mendix SAML Module (Mendix 9 compatible)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.2.3"
      }
    ]
  }
]

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

Related for CVE-2022-32286