CVE-2023-25957
Summary: CVE-2023-25957 affects Mendix SAML modules across multiple tracks/versions (e.g., Mendix 7/8/9, various upgrade/new tracks). The core issue is that SAML assertions are insufficiently verified, enabling unauthenticated remote attackers to bypass authentication and access the application. ...
CVE-2022-46823
CVE-2022-46823 affects Siemens Mendix SAML (Mendix 8 compatible: 2.3.0–2.3.3; Mendix 9 compatible, New Track: 3.3.0–3.3.8; Mendix 9 compatible, Upgrade Track: 3.3.0–3.3.7). The vulnerability is reflected cross-site scripting (XSS), enabling an attacker to extract sensitive information by guiding ...
CVE-2022-37011
Technical details about CVE-2022-37011 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vendor pages.
CVE-2022-32286
The CVE-2022-32286 entry concerns the Mendix SAML Module (Mendix 7 compatible: all versions < 1.16.6; Mendix 8 compatible: all versions < 2.2.2; Mendix 9 compatible: all versions
CVE-2022-44457
CVE-2022-44457 affects Mendix SAML modules across Mendix 7/8/9 tracks. The issue arises when the non-default configuration option Allow Idp Initiated Authentication is enabled, yielding insufficient protection against packet capture replay. The record notes this as an incomplete fix for CVE-2022-...
CVE-2022-32285
The CVE-2022-32285 vulnerability affects the Mendix SAML Module (Mendix 7 compatible: all versions < v1.16.6; Mendix 8 compatible: all versions < v2.2.2; Mendix 9 compatible: all versions
CVE-2021-33712
The CVE-2021-33712 vulnerability affects the Mendix SAML Module (all versions before 2.1.2). Root cause: the SAML module’s configuration does not properly enforce restrictions/validations from the identity provider, enabling a remote authenticated attacker to escalate privileges. Affected product...
CVE-2023-29129
Siemens Mendix SAML Module contains vulnerability CVE-2023-29129, in which inadequate verification of SAML assertions across multiple Mendix SAML versions (7.x, 8.x, 9.x) may allow unauthenticated remote attackers to bypass authentication. The entry notes this as the incomplete fix for CVE-2023-259...