CVE-2023-45794

CWE-2943 documents3 sources

Severity

8.1HIGH

EPSS

0.2%

top 63.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Mendix Siemens Mendix Applications Using Mendix 10 Siemens Mendix Applications Using Mendix 7 +2 more

Timeline

PublishedNov 14

Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticate…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages5 packages

▶CVEListV5siemens/mendix_applications_using_mendix_7All versions < V7.23.37

▶CVEListV5siemens/mendix_applications_using_mendix_8All versions < V8.18.27

▶CVEListV5siemens/mendix_applications_using_mendix_9All versions < V9.24.10

▶CVEListV5siemens/mendix_applications_using_mendix_10All versions < V10.4.0

▶NVDsiemens/mendix7.0.0 — 7.23.37+3

🔴Vulnerability Details

CVEList

CVE-2023-45794: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10↗2023-11-14

▶

GHSA

GHSA-c2cf-rfw6-458v: A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10↗2023-11-14

▶