PT-2022-27936 · Mendix · Mendix Workflow Commons
Published: 2022-12-13 · Updated: 2023-01-10 · CVE-2022-46664
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Mendix Workflow Commons versions prior to 2.4.0
Mendix Workflow Commons V2.1 versions prior to 2.1.4
Mendix Workflow Commons V2.3 versions prior to 2.3.2
Description
A vulnerability has been identified in the handling of access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.
Recommendations
For Mendix Workflow Commons versions prior to 2.4.0, update to version 2.4.0 or later.
For Mendix Workflow Commons V2.1 versions prior to 2.1.4, update to version 2.1.4 or later.
For Mendix Workflow Commons V2.3 versions prior to 2.3.2, update to version 2.3.2 or later.
Fix
Improper Access Control
Affected Products
Mendix Workflow Commons