467 matches found
CVE-2022-26313
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
CVE-2022-26314
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...
CVE-2022-26313
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
CVE-2022-26314
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...
CVE-2022-26313
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
CVE-2022-24309
A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...
Design/Logic Flaw
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...
Design/Logic Flaw
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...
Code injection
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29, Mendix Applications using Mendix 8 All versions V8.18.16, Mendix Applications using Mendix 9 All deployments with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has a...
Design/Logic Flaw
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
CVE-2022-26317
The CVE-2022-26317 issue affects Mendix Applications running on Mendix 7, specifically all versions prior to 7.23.29. The root cause is that when returning the result of a completed Microflow execution call, the framework does not properly verify whether the request was initially made by the user...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...
CVE-2022-26314
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...
CVE-2022-26314
CVE-2022-26314 affects the Mendix Forgot Password Appstore module: affected versions are Mendix Forgot Password Appstore v3.3.0–v3.5.1 and Mendix 7 compatible versions prior to v3.2.2. The root cause is improper restriction of excessive authentication attempts, enabling unauthenticated brute-forc...
CVE-2022-26313
A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
CVE-2022-26313
The CVE-2022-26313 entry concerns the Mendix Forgot Password Appstore module, affected in all versions 3.3.0 through 3.5.1. Multiple sources (Red Hat CVE, ICSA, CNVD, CNNVD, etc.) describe an Improper Access Control flaw in which a threat actor could hijack arbitrary user accounts via the sign-up...
CVE-2022-24309
A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...
CVE-2022-24309
Summary: CVE-2022-24309 affects Mendix Runtime (V7 < 7.23.29, V8 < 8.18.16, V9