PT-2022-21206 · Mendix · Mendix Saml Module

Published

2022-06-14

Updated

2022-06-22

CVE-2022-32285

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mendix SAML Module (Mendix 7 compatible) versions prior to V1.16.6 Mendix SAML Module (Mendix 8 compatible) versions prior to V2.2.2 Mendix SAML Module (Mendix 9 compatible) versions prior to V3.2.3

Description The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.

Recommendations For Mendix SAML Module (Mendix 7 compatible) versions prior to V1.16.6, update to version V1.16.6 or later. For Mendix SAML Module (Mendix 8 compatible) versions prior to V2.2.2, update to version V2.2.2 or later. For Mendix SAML Module (Mendix 9 compatible) versions prior to V3.2.3, update to version V3.2.3 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2022-32285

Affected Products

Mendix Saml Module

PT-2022-21206 · Mendix · Mendix Saml Module

CVE-2022-32285

Weakness Enumeration

Related Identifiers

Affected Products

References · 4