LDAP Injection Vulnerability in Mendix by Siemens
CVE-2024-56841

7.4HIGH

Key Information:

Vendor: Siemens
Vendor: CVE Published:; 14 January 2025

Summary

A serious vulnerability exists in Mendix LDAP versions prior to 1.1.2, allowing attackers to exploit LDAP injection flaws. This weakness enables an unauthenticated remote attacker to bypass user authentication mechanisms, potentially gaining unauthorized access to sensitive system information. Organizations using affected versions should implement immediate measures to mitigate risks and ensure their systems remain secure.

References

https://cert-portal.siemens.com/productcert/html/ssa-3143...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025