CVE-2022-37011
Published 2022-09-13
Priority P2 · 62 · critical · 9.8 CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (59.9th percentile)
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non-default configuration option `'Allow Idp Initiated Authentication'` is enabled.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mendix | saml | < 1.17.0 | 1.17.0 |
| mendix | saml | >= 2.0.0 < 2.3.0 | 2.3.0 |
| mendix | saml | >= 2.3.0 < 2.3.2 | 2.3.2 |
| mendix | saml | >= 3.0.0 < 3.3.1 | 3.3.1 |
| mendix | saml | >= 3.3.0 < 3.3.4 | 3.3.4 |
| siemens | mendix_saml | — | — |
| siemens | mendix_saml | — | — |
| siemens | mendix_saml | — | — |
| siemens | mendix_saml | — | — |
Detection & IOCs (extracted from sources)
- Fix versions for CVE-2022-37011 still contain the authentication bypass issue when the non-default configuration option 'Allow Idp Initiated Authentication' is enabled
- The residual vulnerability under 'Allow Idp Initiated Authentication' in the fixed versions of CVE-2022-37011 was separately tracked as CVE-2022-44457
- For Mendix 9 Upgrade Track, CVE-2022-37011 was resolved in V3.3.0 (not V3.3.1 as for New Track)
GHSA
GHSA-r796-qqqw-vxrj · CVE-2022-44457 [CRITICAL] · CWE-294
ghsa_unreviewed · 2022-11-08 · CVSS 9.8
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non-default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non-default configuration.
GHSA
GHSA-vvx5-72qc-ggwp · CVE-2022-37011 [CRITICAL] · CWE-294
ghsa_unreviewed · 2022-09-14
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.3.1). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non-default configuration option `'Allow Idp Initiated Authentication'` is enabled.
CISA ICS
Siemens Mendix SAML Module (Update B) [CRITICAL]
cisa_ics · 2022-12-15 · CVSS 9.8
ICS Advisory
## Siemens Mendix SAML Module (Update B)
Last Revised: December 15, 2022
Alert Code: ICSA-22-258-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: Mendix SAML Module
- Vulnerability: Authentication Bypass by Capture-replay
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-258-04 Siemens Mendix SAML Module (Update A), which was published November 10th, 2022 on the ICS webpage at cisa.gov/ICS.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could all
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.