CVE-2023-25957

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All Versions >= 1.16.4 < 1.17.2), Mendix SAML (Mendix 8 compatible) (All versions >= 2.2.0 < 2.2.3), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= 3.1.9 < 3.2.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= 3.1.9 < 3.2.5). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mendix:saml:*:*:*:*:*:mendix:*:*
cpe:2.3:a:mendix:saml:*:*:*:*:*:mendix:*:*
cpe:2.3:a:mendix:saml:*:*:*:*:*:mendix:*:*

Information

Published : 2023-03-14 03:15

Updated : 2023-03-21 11:13


NVD link : CVE-2023-25957

Mitre link : CVE-2023-25957


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

mendix

  • saml