Vulnerabilities > CVE-2021-25672 - Unspecified vulnerability in Mendix Forgot Password

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mendix

NVD

Published: 2021-03-15

Updated: 2022-04-26

Summary

A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.

Vulnerable Configurations

Part	Description	Count
Application	Mendix Mendix Forgot Password - Mendix Forgot Password 2.0.0 Mendix Forgot Password 3.0.0 Mendix Forgot Password 3.1.0 Mendix Forgot Password 3.2.0	5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf