Reflected Cross-Site Scripting Vulnerability in Mendix SAML Products
CVE-2022-46823

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix SAML (Mendix 8 compatible); Mendix SAML (Mendix 9 compatible, New Track); Mendix SAML (Mendix 9 compatible, Upgrade Track)
Vendor: CVE Published:; 10 January 2023

Summary

A reflected cross-site scripting vulnerability has been detected in specific versions of the Mendix SAML module. This vulnerability allows attackers to potentially extract sensitive user data by deceiving users into clicking malicious links. The affected versions of Mendix SAML include several iterations compatible with Mendix 8 and 9, making it crucial for users to update their software to mitigate the risks associated with this exploit.

Affected Version(s)

Mendix SAML (Mendix 8 compatible) All versions >= V2.3.0 < V2.3.4

Mendix SAML (Mendix 9 compatible, New Track) All versions >= V3.3.0 < V3.3.9

Mendix SAML (Mendix 9 compatible, Upgrade Track) All versions >= V3.3.0 < V3.3.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-49660...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 8, 2022