CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-26313

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 62.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 6.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf

Products affected by CVE-2022-26313

Mendix » Forgot Password » Version: 3.3.0

cpe:2.3:a:mendix:forgot_password:3.3.0
Mendix » Forgot Password » Version: 3.3.2

cpe:2.3:a:mendix:forgot_password:3.3.2
Mendix » Forgot Password » Version: 3.4.0

cpe:2.3:a:mendix:forgot_password:3.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26313

Products

Pricing

Contact Us