cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-29129,https://securityvulnerability.io/vulnerability/CVE-2023-29129,Insufficient SAML Assertion Verification in Mendix Products,"A vulnerability has been identified in various versions of Mendix SAML products, where insufficient verification of SAML assertions may allow unauthenticated remote attackers to bypass authentication mechanisms. This may result in unauthorized access to applications relying on these SAML integrations. This issue also reflects an incomplete fix for a previous vulnerability, necessitating immediate attention to ensure the security of applications utilizing these specific Mendix SAML versions.",Siemens,"Mendix SAML (Mendix 7 compatible),Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 latest compatible, New Track),Mendix SAML (Mendix 9 latest compatible, Upgrade Track),Mendix SAML (Mendix 9.12/9.18 compatible, New Track),Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track),Mendix SAML (Mendix 9.6 compatible, New Track),Mendix SAML (Mendix 9.6 compatible, Upgrade Track)",9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-25957,https://securityvulnerability.io/vulnerability/CVE-2023-25957,Vulnerability in Mendix SAML for Multiple Version Compatibility,"A vulnerability has been discovered in the Mendix SAML module that affects various versions. The issue arises from insufficient validation of SAML assertions, enabling unauthenticated remote attackers to potentially bypass authentication mechanisms. This gap allows unauthorized access to applications leveraging these versions of Mendix. Notably, affected versions include various configurations that, for compatibility reasons, may still expose this vulnerability if the 'Use Encryption' default configuration option is disabled.",Siemens,"Mendix SAML (Mendix 7 compatible),Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 latest compatible, New Track),Mendix SAML (Mendix 9 latest compatible, Upgrade Track),Mendix SAML (Mendix 9.6 compatible, New Track),Mendix SAML (Mendix 9.6 compatible, Upgrade Track)",7.5,HIGH,0.0012000000569969416,false,,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0
CVE-2022-46823,https://securityvulnerability.io/vulnerability/CVE-2022-46823,Reflected Cross-Site Scripting Vulnerability in Mendix SAML Products,"A reflected cross-site scripting vulnerability has been detected in specific versions of the Mendix SAML module. This vulnerability allows attackers to potentially extract sensitive user data by deceiving users into clicking malicious links. The affected versions of Mendix SAML include several iterations compatible with Mendix 8 and 9, making it crucial for users to update their software to mitigate the risks associated with this exploit.",Siemens,"Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 compatible, New Track),Mendix SAML (Mendix 9 compatible, Upgrade Track)",6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-01-10T11:39:46.211Z,0
CVE-2022-44457,https://securityvulnerability.io/vulnerability/CVE-2022-44457,Packet Capture Replay Vulnerability in Mendix SAML for Multiple Versions,"A security issue has been identified in Mendix SAML that allows for packet capture replay under specific non-default configuration settings. This vulnerability arises when the restrictive setting 'Allow Idp Initiated Authentication' is enabled, which can potentially lead to unauthorized access when not properly configured. The vulnerability highlights the importance of correctly applying recommended configurations to mitigate risks associated with session hijacking.",Siemens,"Mendix Saml (mendix 7 Compatible),Mendix Saml (mendix 8 Compatible),Mendix Saml (mendix 9 Compatible, New Track),Mendix Saml (mendix 9 Compatible, Upgrade Track)",9.8,CRITICAL,0.002630000002682209,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-37011,https://securityvulnerability.io/vulnerability/CVE-2022-37011,Authentication Bypass Vulnerability in Mendix SAML Modules,"A vulnerability exists in the Mendix SAML modules that impairs protection against packet capture replay attacks. This flaw enables unauthorized remote attackers to potentially bypass authentication, granting them access to the application. Although updates have been provided, utilizing the non-recommended configuration option 'Allow Idp Initiated Authentication' can still expose the system to this risk. Organizations using these modules should carefully evaluate their configurations to mitigate potential threats.",Siemens,"Mendix Saml (mendix 7 Compatible),Mendix Saml (mendix 8 Compatible),Mendix Saml (mendix 9 Compatible, New Track),Mendix Saml (mendix 9 Compatible, Upgrade Track)",9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,false,false,2022-09-13T00:00:00.000Z,0
CVE-2022-32286,https://securityvulnerability.io/vulnerability/CVE-2022-32286,Cross Site Scripting Vulnerability in Mendix SAML Module by Mendix,"A Cross Site Scripting (XSS) vulnerability has been identified in the Mendix SAML Module, affecting multiple versions across Mendix 7, 8, and 9. This issue arises from inadequate sanitation of error messages, which can be exploited by attackers. By luring users into accessing malicious links, attackers may execute harmful scripts, compromising user security and exposing sensitive information. It is crucial for organizations using these Mendix SAML Modules to address this vulnerability to protect against potential exploits.",Siemens,"Mendix Saml Module (mendix 7 Compatible),Mendix Saml Module (mendix 8 Compatible),Mendix Saml Module (mendix 9 Compatible)",6.1,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2022-06-14T09:22:20.000Z,0
CVE-2022-32285,https://securityvulnerability.io/vulnerability/CVE-2022-32285,XML External Entity Vulnerability in Mendix SAML Modules,"A vulnerability has been identified in the Mendix SAML Module across various Mendix versions, which allows for potential exploitation through XML External Entity (XXE) attacks. This type of vulnerability occurs due to inadequate input sanitation, making it possible for attackers to access and disclose sensitive information in specific scenarios. It is crucial for users of the affected Mendix SAML Modules to update their installations to the latest versions to mitigate the risk of exploitation.",Siemens,"Mendix Saml Module (mendix 7 Compatible),Mendix Saml Module (mendix 8 Compatible),Mendix Saml Module (mendix 9 Compatible)",7.5,HIGH,0.0012799999676644802,false,,false,false,false,,false,false,2022-06-14T09:22:19.000Z,0