Access Control Flaw in Mendix Forgot Password Appstore Module
CVE-2021-25672
8.8 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 15 March 2021
Summary
An access control vulnerability has been identified in the Mendix Forgot Password Appstore module, affecting all versions prior to V3.2.1. Inadequate access control in the module can be exploited by an attacker, potentially leading to unauthorized account takeover. Users of the affected module should review their installation and upgrade to an unaffected version to mitigate the risk.
Affected Version(s)
- Mendix Forgot Password Appstore module: All Versions < V3.2.1
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved