Vulnerabilities > CVE-2022-26313 - Unspecified vulnerability in Mendix Forgot Password 3.3.0/3.3.2/3.4.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mendix
critical

Summary

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Vulnerable Configurations

Part Description Count
Application
Mendix
3