Capture-Replay Vulnerability in Mendix Applications by Mendix
CVE-2023-45794

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: Mendix Applications Using Mendix 10; Mendix Applications Using Mendix 7; Mendix Applications Using Mendix 8; Mendix Applications Using Mendix 9
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-45794?

A capture-replay flaw exists in Mendix Applications which impacts various versions across multiple Mendix platforms. This vulnerability could be exploited by authenticated attackers to gain unauthorized access or modify objects within the application. The risk is contingent upon specific preconditions based on the application's model and access control design, potentially enabling privilege escalation in the context of vulnerable apps. Organizations using Mendix should assess the security of their applications and implement necessary controls to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mendix Applications using Mendix 10 All versions < V10.4.0

Mendix Applications using Mendix 7 All versions < V7.23.37

Mendix Applications using Mendix 8 All versions < V8.18.27

References

https://cert-portal.siemens.com/productcert/pdf/ssa-08418...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 12, 2023

JSON

Siemens

What is CVE-2023-45794?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.