Information Disclosure Vulnerability in Mendix Forgot Password Module
CVE-2023-27464

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix Forgot Password (mendix 7 Compatible); Mendix Forgot Password (mendix 8 Compatible); Mendix Forgot Password (mendix 9 Compatible)
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-27464?

A vulnerability exists in the Forgot Password module for various Mendix versions which may allow attackers to exploit an observable response discrepancy. This issue could facilitate the unauthorized retrieval of sensitive information from the application, posing a significant risk to user data and privacy. Users are advised to update to the latest versions to mitigate potential security risks.

Affected Version(s)

Mendix Forgot Password (Mendix 7 compatible) All versions < V3.7.1

Mendix Forgot Password (Mendix 8 compatible) All versions < V4.1.1

Mendix Forgot Password (Mendix 9 compatible) All versions < V5.1.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-69940...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 1, 2023

Siemens

What is CVE-2023-27464?

Affected Version(s)

References

CVSS V3.1

Timeline