PT-2022-21207 · Mendix · Mendix Saml Module
Published
2022-06-14
·
Updated
2022-06-23
·
CVE-2022-32286
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mendix SAML Module (Mendix 7 compatible) versions prior to V1.16.6
Mendix SAML Module (Mendix 8 compatible) versions prior to V2.2.2
Mendix SAML Module (Mendix 9 compatible) versions prior to V3.2.3
Description
The issue is related to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation in certain configurations of the SAML module. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.
Recommendations
For Mendix SAML Module (Mendix 7 compatible) versions prior to V1.16.6, update to version V1.16.6 or later to resolve the issue.
For Mendix SAML Module (Mendix 8 compatible) versions prior to V2.2.2, update to version V2.2.2 or later to resolve the issue.
For Mendix SAML Module (Mendix 9 compatible) versions prior to V3.2.3, update to version V3.2.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the SAML module to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mendix Saml Module