CVE-2023-43623

🗓️ 10 Oct 2023 10:21:29Reported by siemensType

Vulnerability in Mendix Forgot Password allows user enumeration

Reporter	Title	Published	Views	Family All 9
CNNVD	Siemens Mendix 安全漏洞	10 Oct 202300:00	–	cnnvd
CNVD	Siemens Mendix Forgot Password Module Household Enumeration Vulnerability	11 Oct 202300:00	–	cnvd
Cvelist	CVE-2023-43623	10 Oct 202310:21	–	cvelist
EUVD	EUVD-2023-48023	3 Oct 202520:07	–	euvd
ICS	Siemens Mendix Forgot Password Module	10 Oct 202300:00	–	ics
NVD	CVE-2023-43623	10 Oct 202311:15	–	nvd
Prion	Default credentials	10 Oct 202311:15	–	prion
RedhatCVE	CVE-2023-43623	9 Jan 202609:30	–	redhatcve
Vulnrichment	CVE-2023-43623	10 Oct 202310:21	–	vulnrichment

NVD

Node

mendix forgot_passwordRange<3.7.3

mendix forgot_passwordRange4.0.0–4.1.3

mendix forgot_passwordRange5.0.0–5.4.0

[
  {
    "vendor": "Siemens",
    "product": "Mendix Forgot Password (Mendix 10 compatible)",
    "versions": [
      {
        "version": "All versions < V5.4.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Forgot Password (Mendix 7 compatible)",
    "versions": [
      {
        "version": "All versions < V3.7.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Forgot Password (Mendix 8 compatible)",
    "versions": [
      {
        "version": "All versions < V4.1.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Forgot Password (Mendix 9 compatible)",
    "versions": [
      {
        "version": "All versions < V5.4.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf

21 Nov 2024 08:24Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.15.3

EPSS0.0023

SSVC

CWE-203