A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-11-08T00:00:00

Updated: 2024-08-03T13:54:03.401Z

Reserved: 2022-10-31T00:00:00

Link: CVE-2022-44457

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-08T11:15:12.257

Modified: 2024-11-21T07:28:03.203

Link: CVE-2022-44457

cve-icon Redhat

No data.