CVE-2022-26314

EPSS 1.4%CWE-307

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.

Productos afectados

Siemens · Mendix Forgot Password Appstore module Siemens · Mendix Forgot Password Appstore module (Mendix 7 compatible)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf