Mendix Forgot Password vulnerabilities
5 known vulnerabilities affecting mendix/forgot_password.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2022-26314 | P2 | CRITICAL | CVSS 9.8 | CWE-307 | fixed in 3.2.2 | ≥ 3.3.0, < 3.5.1 | 2022-03-08
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in spe
nvd
CVE-2022-26313 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | ≥ 3.3.0, < 3.5.1 | 2022-03-08
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
nvd
CVE-2021-25672 | P3 | HIGH | CVSS 8.8 | CWE-284 | fixed in 3.2.1 | 2021-03-15
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
nvd
CVE-2023-43623 | P4 | MEDIUM | CVSS 5.3 | CWE-203 | fixed in 3.7.3 | ≥ 4.0.0, < 4.1.3 | +1 more | 2023-10-10
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected
nvd
CVE-2023-27464 | P4 | MEDIUM | CVSS 5.3 | CWE-204 | fixed in 3.7.1 | ≥ 4.0.0, < 4.1.1 | +1 more | 2023-04-11
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow a
nvd