Lucene search

SiemensCVE-2022-45936

HistoryDec 13, 2022 - 4:15 p.m.

CVE-2022-45936

2022-12-1316:15:24

CWE-284

siemens

web.nvd.nist.gov

cve-2022-45936

mendix email connector

security vulnerability

access control

information security

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

45.8%

JSON

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

Affected configurations

Nvd

Node

siemensmendix_email_connectorRange<2.0.0

VendorProductVersionCPE
siemensmendix_email_connector*cpe:2.3:a:siemens:mendix_email_connector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	mendix_email_connector	*	cpe:2.3:a:siemens:mendix_email_connector::::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Mendix Email Connector",
    "versions": [
      {
        "version": "All versions < V2.0.0",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-224632.pdf

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

45.8%

JSON

Related for CVE-2022-45936