PT-2012-1253 · Mendix · Mendix Runtime

Christopher Panayi +2 · Published 2012-11-12 · Updated 2024-11-15 · CVE-2024-50313

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Mendix Runtime V8 versions
Mendix Runtime V9 versions prior to V9.24.29
Mendix Runtime V10 versions prior to V10.16.0
Mendix Runtime V10.6 versions prior to V10.6.15
Mendix Runtime V10.12 versions prior to V10.12.7

Description

A race condition vulnerability has been identified in the basic authentication implementation of affected Mendix Runtime applications. It could allow unauthenticated remote attackers to circumvent the default account lockout measures. The issue stems from synchronization errors when accessing a shared resource in the basic authentication mechanism; a remote attacker can exploit it to bypass the existing security restrictions.

Recommendations

For Mendix Runtime V8, update to a version that is not affected by this issue.
For Mendix Runtime V9 versions prior to V9.24.29, update to V9.24.29 or later.
For Mendix Runtime V10 versions prior to V10.16.0, update to V10.16.0 or later.
For Mendix Runtime V10.6 versions prior to V10.6.15, update to V10.6.15 or later.
For Mendix Runtime V10.12 versions prior to V10.12.7, update to V10.12.7 or later.

As a temporary workaround, consider disabling the basic authentication mechanism until a patch is available. Restrict access to affected applications to minimize the risk of exploitation.
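The defect class named in the description, as an added illustration that is not Mendix's code and not part of this advisory: a lockout counter whose check and update are two separate steps (RacyLockout) beside one that performs them under a single lock (SafeLockout), with hammer firing concurrent failed logins at each. maxAttempts, the type names and the barrage size are constructed assumptions, not values from the Mendix Runtime.

```go
package main

import (
	"runtime"
	"sync"
	"sync/atomic"
)

const maxAttempts = 5 // lockout threshold; constructed value, not Mendix's
// RacyLockout: check and update are two separate steps (the flawed pattern).
// FailedAttempt reports whether a wrong-password request got past the lockout.
type RacyLockout struct{ failures int64 }
func (l *RacyLockout) FailedAttempt() bool {
	if atomic.LoadInt64(&l.failures) >= maxAttempts {
		return false
	}
	runtime.Gosched() // yield: widens the check-then-act window
	atomic.AddInt64(&l.failures, 1)
	return true
}

// SafeLockout holds one lock across check and update (the fixed pattern).
type SafeLockout struct {
	mu       sync.Mutex
	failures int64
}
func (l *SafeLockout) FailedAttempt() bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.failures >= maxAttempts {
		return false
	}
	l.failures++
	return true
}

// hammer fires n concurrent wrong-password attempts; returns how many got past.
func hammer(l interface{ FailedAttempt() bool }, n int) int {
	results := make(chan bool, n)
	for i := 0; i < n; i++ {
		go func() { results <- l.FailedAttempt() }()
	}
	passed := 0
	for i := 0; i < n; i++ {
		if <-results {
			passed++
		}
	}
	return passed
}
```

Calling hammer on both types shows the difference: the locked version never lets more than maxAttempts requests reach credential verification, while the racy one typically lets many more through before its counter catches up.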

Fix

Race Condition

Weakness Enumeration

Related Identifiers
BDU:2024-10318
CVE-2024-50313

Affected Products
Mendix Runtime