A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2022-07-12T10:06:43
Updated: 2024-08-03T07:11:39.898Z
Reserved: 2022-05-20T00:00:00
Link: CVE-2022-31257
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-07-12T10:15:10.653
Modified: 2024-11-21T07:04:14.230
Link: CVE-2022-31257
Redhat
No data.