cbcvebase.
CVE-2022-37011
published 2022-09-13

Priority: P2 62 · Critical 9.8 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (59.9th percentile)
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.

Affected

9 ranges

Vendor    Product       Version range        Fixed in
mendix    saml          < 1.17.0             1.17.0
mendix    saml          >= 2.0.0 < 2.3.0     2.3.0
mendix    saml          >= 2.3.0 < 2.3.2     2.3.2
mendix    saml          >= 3.0.0 < 3.3.1     3.3.1
mendix    saml          >= 3.3.0 < 3.3.4     3.3.4
siemens   mendix_saml   (no range listed)
siemens   mendix_saml   (no range listed)
siemens   mendix_saml   (no range listed)
siemens   mendix_saml   (no range listed)

Detection & IOCs (extracted from sources)

  • Fix versions for CVE-2022-37011 still contain the authentication bypass issue when the non-default configuration option 'Allow Idp Initiated Authentication' is enabled
  • The residual vulnerability under 'Allow Idp Initiated Authentication' in the fixed versions of CVE-2022-37011 was separately tracked as CVE-2022-44457
  • For Mendix 9 Upgrade Track, CVE-2022-37011 was resolved in V3.3.0 (not V3.3.1 as for New Track)