cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-29129,https://securityvulnerability.io/vulnerability/CVE-2023-29129,Insufficient SAML Assertion Verification in Mendix Products,"A vulnerability has been identified in various versions of Mendix SAML products, where insufficient verification of SAML assertions may allow unauthenticated remote attackers to bypass authentication mechanisms. This may result in unauthorized access to applications relying on these SAML integrations. This issue also reflects an incomplete fix for a previous vulnerability, necessitating immediate attention to ensure the security of applications utilizing these specific Mendix SAML versions.",Siemens,"Mendix SAML (Mendix 7 compatible),Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 latest compatible, New Track),Mendix SAML (Mendix 9 latest compatible, Upgrade Track),Mendix SAML (Mendix 9.12/9.18 compatible, New Track),Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track),Mendix SAML (Mendix 9.6 compatible, New Track),Mendix SAML (Mendix 9.6 compatible, Upgrade Track)",9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-25957,https://securityvulnerability.io/vulnerability/CVE-2023-25957,Vulnerability in Mendix SAML for Multiple Version Compatibility,"A vulnerability has been discovered in the Mendix SAML module that affects various versions. The issue arises from insufficient validation of SAML assertions, enabling unauthenticated remote attackers to potentially bypass authentication mechanisms. This gap allows unauthorized access to applications leveraging these versions of Mendix. Notably, affected versions include various configurations that, for compatibility reasons, may still expose this vulnerability if the 'Use Encryption' default configuration option is disabled.",Siemens,"Mendix SAML (Mendix 7 compatible),Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 latest compatible, New Track),Mendix SAML (Mendix 9 latest compatible, Upgrade Track),Mendix SAML (Mendix 9.6 compatible, New Track),Mendix SAML (Mendix 9.6 compatible, Upgrade Track)",7.5,HIGH,0.0012000000569969416,false,,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0
CVE-2022-46823,https://securityvulnerability.io/vulnerability/CVE-2022-46823,Reflected Cross-Site Scripting Vulnerability in Mendix SAML Products,"A reflected cross-site scripting vulnerability has been detected in specific versions of the Mendix SAML module. This vulnerability allows attackers to potentially extract sensitive user data by deceiving users into clicking malicious links. The affected versions of Mendix SAML include several iterations compatible with Mendix 8 and 9, making it crucial for users to update their software to mitigate the risks associated with this exploit.",Siemens,"Mendix SAML (Mendix 8 compatible),Mendix SAML (Mendix 9 compatible, New Track),Mendix SAML (Mendix 9 compatible, Upgrade Track)",6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-01-10T11:39:46.211Z,0
CVE-2022-44457,https://securityvulnerability.io/vulnerability/CVE-2022-44457,Packet Capture Replay Vulnerability in Mendix SAML for Multiple Versions,"A security issue has been identified in Mendix SAML that allows for packet capture replay under specific non-default configuration settings. This vulnerability arises when the restrictive setting ‘Allow Idp Initiated Authentication’ is enabled, which can potentially lead to unauthorized access when not properly configured. The vulnerability highlights the importance of correctly applying recommended configurations to mitigate risks associated with session hijacking.",Siemens,"Mendix Saml (mendix 7 Compatible),Mendix Saml (mendix 8 Compatible),Mendix Saml (mendix 9 Compatible, New Track),Mendix Saml (mendix 9 Compatible, Upgrade Track)",9.8,CRITICAL,0.002630000002682209,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-37011,https://securityvulnerability.io/vulnerability/CVE-2022-37011,Authentication Bypass Vulnerability in Mendix SAML Modules,"A vulnerability exists in the Mendix SAML modules that impairs protection against packet capture replay attacks. This flaw enables unauthorized remote attackers to potentially bypass authentication, granting them access to the application. Although updates have been provided, utilizing the non-recommended configuration option 'Allow Idp Initiated Authentication' can still expose the system to this risk. Organizations using these modules should carefully evaluate their configurations to mitigate potential threats.",Siemens,"Mendix Saml (mendix 7 Compatible),Mendix Saml (mendix 8 Compatible),Mendix Saml (mendix 9 Compatible, New Track),Mendix Saml (mendix 9 Compatible, Upgrade Track)",9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,false,false,2022-09-13T00:00:00.000Z,0