PT-2023-21146 · Mendix · Mendix Forgot Password
Published
2023-04-11
·
Updated
2023-04-19
·
CVE-2023-27464
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mendix Forgot Password (Mendix 7 compatible) versions prior to V3.7.1
Mendix Forgot Password (Mendix 8 compatible) versions prior to V4.1.1
Mendix Forgot Password (Mendix 9 compatible) versions prior to V5.1.1
Description
The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information.
Recommendations
For Mendix Forgot Password (Mendix 7 compatible) versions prior to V3.7.1, update to version V3.7.1 or later.
For Mendix Forgot Password (Mendix 8 compatible) versions prior to V4.1.1, update to version V4.1.1 or later.
For Mendix Forgot Password (Mendix 9 compatible) versions prior to V5.1.1, update to version V5.1.1 or later.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mendix Forgot Password