Mendix SAML vulnerabilities
8 known vulnerabilities affecting mendix/saml.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2022-37011 | P2 | CRITICAL | CVSS 9.8 | CWE-294 | fixed in 1.17.0; ≥ 2.0.0, < 2.3.0; +1 more | 2022-09-13
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently
nvd
CVE-2023-29129 | P2 | CRITICAL | CVSS 9.8 | ≥ 1.16.4, < 1.18.0; ≥ 2.2.0, < 2.4.0; +1 more | 2023-06-13
CVE-2023-29129 [CRITICAL] CVE-2023-29129: A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 <
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 = V1.16.4 = V2.3.0 = V2.2.0 = V3.3.1 = V3.1.9 = V3.3.0 = V3.1.8 = V3.3.1 = V3.3.0 = V3.1.9 = V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentica
nvd
CVE-2022-44457 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.17.0; ≥ 2.3.0, < 2.3.2; +1 more | 2022-11-08
CVE-2022-44457 [CRITICAL] CVE-2022-44457: A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), M
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions = V1.17.0 = V2.3.0 = V3.3.1 = V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes
nvd
CVE-2021-33712 | P3 | HIGH | CVSS 8.8 | CWE-345 | fixed in 2.1.2 | 2021-06-08
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges.
nvd
CVE-2023-25957 | P3 | HIGH | CVSS 7.5 | ≥ 1.16.4, < 1.17.2; ≥ 2.2.0, < 2.2.3; +1 more | 2023-03-14
CVE-2023-25957 [HIGH] CWE-303 CVE-2023-25957: A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 <
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 = V2.2.0 = V3.1.9 = V3.1.8 = V3.1.9 = V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.
For compat
nvd
CVE-2022-32285 | P3 | HIGH | CVSS 7.5 | CWE-611 | fixed in 1.16.6; ≥ 2.0.0, < 2.2.2; +1 more | 2022-06-14
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This m
nvd
CVE-2022-32286 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 1.16.6; ≥ 2.0.0, < 2.2.2; +1 more | 2022-06-14
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient erro
nvd
CVE-2022-46823 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.3.0, < 2.3.4; ≥ 3.3.0, < 3.3.9 | 2023-01-10
CVE-2022-46823 [MEDIUM] CWE-79 CVE-2022-46823: A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 = V3.3.0 = V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
nvd