3.4.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

mendix

NVD

Published: 2022-03-08

Updated: 2022-03-11

Summary

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Vulnerable Configurations

Part	Description	Count
Application	Mendix Mendix Forgot Password 3.3.0 Mendix Forgot Password 3.3.2 Mendix Forgot Password 3.4.0	3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf