Capture-Replay Vulnerability in Mendix Applications by Mendix
CVE-2023-45794

8.1HIGH

Key Information:

Vendor: Siemens
Status: Mendix Applications using Mendix 10; Mendix Applications using Mendix 7; Mendix Applications using Mendix 8; Mendix Applications using Mendix 9
Vendor: CVE Published:; 14 November 2023

Summary

A capture-replay flaw exists in Mendix Applications which impacts various versions across multiple Mendix platforms. This vulnerability could be exploited by authenticated attackers to gain unauthorized access or modify objects within the application. The risk is contingent upon specific preconditions based on the application's model and access control design, potentially enabling privilege escalation in the context of vulnerable apps. Organizations using Mendix should assess the security of their applications and implement necessary controls to mitigate this risk.

Affected Version(s)

Mendix Applications using Mendix 10 All versions < V10.4.0

Mendix Applications using Mendix 7 All versions < V7.23.37

Mendix Applications using Mendix 8 All versions < V8.18.27

References

https://cert-portal.siemens.com/productcert/pdf/ssa-08418...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 12, 2023