CVE-2022-32286

Published: Jun 14, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

Affected (3)

Products: Mendix: Saml

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mendix Saml	Before 1.16.6
Mendix Saml	From 2.0.0 to 2.2.2
Mendix Saml	From 3.0.0 to 3.2.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-740594.pdf

Source: productcert@siemens.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-740594.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.