Cross Site Scripting Vulnerability in Mendix SAML Module by Mendix
CVE-2022-32286

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix Saml Module (mendix 7 Compatible); Mendix Saml Module (mendix 8 Compatible); Mendix Saml Module (mendix 9 Compatible)
Vendor: CVE Published:; 14 June 2022

What is CVE-2022-32286?

A Cross Site Scripting (XSS) vulnerability has been identified in the Mendix SAML Module, affecting multiple versions across Mendix 7, 8, and 9. This issue arises from inadequate sanitation of error messages, which can be exploited by attackers. By luring users into accessing malicious links, attackers may execute harmful scripts, compromising user security and exposing sensitive information. It is crucial for organizations using these Mendix SAML Modules to address this vulnerability to protect against potential exploits.

Affected Version(s)

Mendix SAML Module (Mendix 7 compatible) All versions < V1.16.6

Mendix SAML Module (Mendix 8 compatible) All versions < V2.2.2

Mendix SAML Module (Mendix 9 compatible) All versions < V3.2.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-74059...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 3, 2022

Siemens

What is CVE-2022-32286?

Affected Version(s)

References

CVSS V3.1

Timeline