Lucene search
PRIOn knowledge basePRION:CVE-2022-37011HistorySep 13, 2022 - 10:15 a.m.
Authentication flaw
2022-09-1310:15:00
PRIOn knowledge base
www.prio-n.com
1
mendix saml
vulnerability
authentication flaw
remote attackers
packet capture
bypass.
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option 'Allow Idp Initiated Authentication' is enabled.
Related
cnvd
cnvd
Siemens Mendix SAML Module Authentication Bypass Vulnerability
2022-09-14 00:00:00
cve
cve
CVE-2022-37011
2022-09-13 10:15:10
CVE-2022-44457
2022-11-08 11:15:12
cvelist
cvelist
CVE-2022-37011
2022-09-13 00:00:00
CVE-2022-44457
2022-11-08 00:00:00
nvd
nvd
CVE-2022-37011
2022-09-13 10:15:10
CVE-2022-44457
2022-11-08 11:15:12
ics
ics
Siemens Mendix SAML Module (Update B)
2022-12-15 12:00:00
prion
prion
Default configuration
2022-11-08 11:15:00