Siemens Mendix SAML Module Certification Bypass Vulnerability (CNVD-2023-17659)

2023-03-1600:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens mendix

saml module

certification bypass

vulnerability

cnvd-2023-17659

authentication

cloud applications

identity provider

saml 2.0

shibboleth

exploitation

0.001 Low

EPSS

Percentile

46.4%

JSON

The Mendix SAML Module allows the use of SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML Module, which stems from inadequate validation of SAML assertions and can be exploited by an attacker to bypass authentication and access the application.

CPENameOperatorVersion
siemens mendix saml (mendix 8 compatible) >=2.2.0，lt2.2.3
siemens mendix saml (mendix 9 compatible, new track) >=3.1.9，lt3.2.5
siemens mendix saml (mendix 9 compatible, upgrade track) >=3.1.9，lt3.2.5
siemens mendix saml (mendix 7 compatible) >=1.16.4，lt1.17.2

Name	Operator	Version
siemens mendix saml (mendix 8 compatible) >=2.2.0，	lt	2.2.3
siemens mendix saml (mendix 9 compatible, new track) >=3.1.9，	lt	3.2.5
siemens mendix saml (mendix 9 compatible, upgrade track) >=3.1.9，	lt	3.2.5
siemens mendix saml (mendix 7 compatible) >=1.16.4，	lt	1.17.2

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for CNVD-2023-17659