CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-44457

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.0%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2022-44457

Mendix » Saml » Version: 1.0

cpe:2.3:a:mendix:saml:1.0
Mendix » Saml » Version: 1.1

cpe:2.3:a:mendix:saml:1.1
Mendix » Saml » Version: 1.1.1

cpe:2.3:a:mendix:saml:1.1.1
Mendix » Saml » Version: 1.1.2

cpe:2.3:a:mendix:saml:1.1.2
Mendix » Saml » Version: 1.10.0

cpe:2.3:a:mendix:saml:1.10.0
Mendix » Saml » Version: 1.10.1

cpe:2.3:a:mendix:saml:1.10.1
Mendix » Saml » Version: 1.10.2

cpe:2.3:a:mendix:saml:1.10.2
Mendix » Saml » Version: 1.10.3

cpe:2.3:a:mendix:saml:1.10.3
Mendix » Saml » Version: 1.10.4

cpe:2.3:a:mendix:saml:1.10.4
Mendix » Saml » Version: 1.11.0

cpe:2.3:a:mendix:saml:1.11.0
Mendix » Saml » Version: 1.12.0

cpe:2.3:a:mendix:saml:1.12.0
Mendix » Saml » Version: 1.12.1

cpe:2.3:a:mendix:saml:1.12.1
Mendix » Saml » Version: 1.13.0

cpe:2.3:a:mendix:saml:1.13.0
Mendix » Saml » Version: 1.15.2

cpe:2.3:a:mendix:saml:1.15.2
Mendix » Saml » Version: 1.15.3

cpe:2.3:a:mendix:saml:1.15.3
Mendix » Saml » Version: 1.15.4

cpe:2.3:a:mendix:saml:1.15.4
Mendix » Saml » Version: 1.15.5

cpe:2.3:a:mendix:saml:1.15.5
Mendix » Saml » Version: 1.16.0

cpe:2.3:a:mendix:saml:1.16.0
Mendix » Saml » Version: 1.16.1

cpe:2.3:a:mendix:saml:1.16.1
Mendix » Saml » Version: 1.16.2

cpe:2.3:a:mendix:saml:1.16.2
Mendix » Saml » Version: 1.16.3

cpe:2.3:a:mendix:saml:1.16.3
Mendix » Saml » Version: 1.16.4

cpe:2.3:a:mendix:saml:1.16.4
Mendix » Saml » Version: 1.16.5

cpe:2.3:a:mendix:saml:1.16.5
Mendix » Saml » Version: 1.16.6

cpe:2.3:a:mendix:saml:1.16.6
Mendix » Saml » Version: 1.16.7

cpe:2.3:a:mendix:saml:1.16.7
Mendix » Saml » Version: 1.2

cpe:2.3:a:mendix:saml:1.2
Mendix » Saml » Version: 1.3

cpe:2.3:a:mendix:saml:1.3
Mendix » Saml » Version: 1.5

cpe:2.3:a:mendix:saml:1.5
Mendix » Saml » Version: 1.6

cpe:2.3:a:mendix:saml:1.6
Mendix » Saml » Version: 1.6.1

cpe:2.3:a:mendix:saml:1.6.1
Mendix » Saml » Version: 1.7

cpe:2.3:a:mendix:saml:1.7
Mendix » Saml » Version: 1.8

cpe:2.3:a:mendix:saml:1.8
Mendix » Saml » Version: 1.8.1

cpe:2.3:a:mendix:saml:1.8.1
Mendix » Saml » Version: 1.8.2

cpe:2.3:a:mendix:saml:1.8.2
Mendix » Saml » Version: 1.8.3

cpe:2.3:a:mendix:saml:1.8.3
Mendix » Saml » Version: 1.8.4

cpe:2.3:a:mendix:saml:1.8.4
Mendix » Saml » Version: 1.9

cpe:2.3:a:mendix:saml:1.9
Mendix » Saml » Version: 1.9.1

cpe:2.3:a:mendix:saml:1.9.1
Mendix » Saml » Version: 1.9.2

cpe:2.3:a:mendix:saml:1.9.2
Mendix » Saml » Version: 1.9.3

cpe:2.3:a:mendix:saml:1.9.3
Mendix » Saml » Version: 1.9.4

cpe:2.3:a:mendix:saml:1.9.4
Mendix » Saml » Version: 1.9.5

cpe:2.3:a:mendix:saml:1.9.5
Mendix » Saml » Version: 2.3.0

cpe:2.3:a:mendix:saml:2.3.0
Mendix » Saml » Version: 3.3.0

cpe:2.3:a:mendix:saml:3.3.0
Mendix » Saml » Version: 3.3.1

cpe:2.3:a:mendix:saml:3.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-44457

Products

Pricing

Contact Us