PT-2022-17785 · Mendix · Mendix Applications
Published 2022-03-08 · Updated 2023-07-11 · CVE-2022-26317
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mendix Applications versions prior to 7.23.29
Description
A vulnerability has been identified in Mendix Applications. When returning the result of a completed Microflow execution call, the affected framework does not verify that the user requesting the result is the user who originally made the call. This could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by other users within the affected system, especially when combined with predictable identifiers for Microflow execution calls.
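The flaw the description names is an ownership check missing from a result-retrieval step, made worse by guessable call identifiers. The following Python model is added here as an illustration; it is not Mendix code and is not part of the advisory. It shows a result store with both weaknesses switched on beside the hardened default (the lookup is bound to the requesting user and identifiers come from the OS CSPRNG). The class, method names and sample users are assumptions.

```python
import secrets
from itertools import count


class ResultStore:
    """Constructed example (not Mendix code): holds the results of completed
    asynchronous execution calls and hands them back on request.

    `predictable_ids` and `check_owner` model the two weaknesses named in the
    advisory (Use of Insufficiently Random Values, Improper Access Control).
    The secure configuration is the default.
    """

    def __init__(self, predictable_ids=False, check_owner=True):
        self.predictable_ids = predictable_ids
        self.check_owner = check_owner
        self._results = {}            # call_id -> (owner, result)
        self._counter = count(1)      # only used for the weak, sequential ids

    def complete_call(self, owner: str, result: str) -> str:
        """Record a finished call for `owner` and return its identifier."""
        if self.predictable_ids:
            call_id = str(next(self._counter))        # guessable: "1", "2", "3", ...
        else:
            call_id = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        self._results[call_id] = (owner, result)
        return call_id

    def fetch_result(self, requester: str, call_id: str):
        """Return the result for `call_id`, or None if the requester may not see it.

        The hardened path binds the lookup to the requester and returns the same
        None for "not found" and "not yours", so the endpoint does not reveal
        whether an identifier exists.
        """
        entry = self._results.get(call_id)
        if entry is None:
            return None
        owner, result = entry
        if self.check_owner and owner != requester:
            return None
        return result


def demo():
    """Contrast the two configurations with constructed users "alice" and "bob".

    Weak store: identifiers are sequential and ownership is not checked, so a
    request for id "1" by a different user returns alice's result.
    Hardened store: the same cross-user request is refused, while the owner
    can still read her own result.
    """
    weak = ResultStore(predictable_ids=True, check_owner=False)
    weak.complete_call("alice", "alice's report")
    leaked = weak.fetch_result("bob", "1")

    hardened = ResultStore()
    alice_id = hardened.complete_call("alice", "alice's report")
    denied = hardened.fetch_result("bob", alice_id)
    allowed = hardened.fetch_result("alice", alice_id)
    return leaked, denied, allowed
```

Both controls matter: an unguessable identifier alone still leaks a result to anyone who obtains the id (a log line, a referrer, a shared link), and an ownership check alone still lets an attacker confirm which ids exist unless the "not found" and "not yours" responses are identical, which is why `fetch_result` returns the same `None` for both.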
Recommendations
For versions prior to 7.23.29, update to version 7.23.29 or later to resolve the issue.
Fix
Improper Access Control
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Mendix Applications