PT-2024-8753 · Mendix · Mendix Encryption
Published 2024-07-09 · Updated 2024-07-09 · CVE-2024-39888
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mendix Encryption versions 10.0.0 through 10.0.1
Description
A vulnerability has been identified in the Mendix Encryption module: affected versions define a specific hard-coded default value for the EncryptionKey constant. Because this default key ships with the module, it must be considered compromised, and anyone who obtains it can decrypt any project data that was encrypted under it. The vulnerability may therefore allow a remote attacker to gain unauthorized access to protected information.
Recommendations
For Mendix Encryption versions 10.0.0 through 10.0.1, update to a version outside of this range to secure your projects. As a temporary workaround, redefine the EncryptionKey constant with a unique value in every environment so that the shipped default is no longer in use. Restrict access to encrypted project data until the issue is resolved.
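The following audit helper is an added example, not Mendix's own code: it checks a deployment's constant values for the condition described above (EncryptionKey unset, equal to a shipped default, or otherwise weak) and produces a unique replacement value. The compromised default itself is not reproduced in this advisory, so KNOWN_DEFAULT_KEYS holds a labelled placeholder, and the length and entropy thresholds are assumptions.

```python
import math
import secrets
from collections import Counter

# Constructed placeholder: the advisory does not reproduce the compromised
# default, so an operator substitutes the value(s) their module version ships.
KNOWN_DEFAULT_KEYS = {"<PLACEHOLDER_MENDIX_ENCRYPTION_DEFAULT_KEY>"}
MIN_KEY_LENGTH = 32      # assumption: shortest replacement value worth accepting
MIN_ENTROPY_BITS = 3.0   # assumption: per-character Shannon entropy floor


def shannon_entropy_bits(value: str) -> float:
    """Per-character Shannon entropy; 0.0 for an empty or single-symbol string."""
    if not value:
        return 0.0
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def audit_encryption_key(constants: dict) -> list:
    """Return findings for the EncryptionKey constant in a deployment's constant map.

    An empty list means the constant is set and is not an obvious default or weak value.
    """
    findings = []
    key = constants.get("EncryptionKey", "")
    if not key:
        return ["EncryptionKey is unset, so the module's hard-coded default applies"]
    if key in KNOWN_DEFAULT_KEYS:
        findings.append("EncryptionKey matches a shipped default; treat data as exposed")
    if len(key) < MIN_KEY_LENGTH:
        findings.append(f"EncryptionKey is shorter than {MIN_KEY_LENGTH} characters")
    if shannon_entropy_bits(key) < MIN_ENTROPY_BITS:
        findings.append("EncryptionKey has low character diversity")
    return findings


def generate_replacement_key(nbytes: int = 32) -> str:
    """Unique, CSPRNG-derived value to redefine the EncryptionKey constant with."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # Constructed sample deployments; real values come from each environment's settings.
    deployments = {
        "dev": {"EncryptionKey": "<PLACEHOLDER_MENDIX_ENCRYPTION_DEFAULT_KEY>"},
        "test": {},
        "prod": {"EncryptionKey": generate_replacement_key()},
    }
    for name, constants in deployments.items():
        print(name, audit_encryption_key(constants) or ["ok"])
```

Re-encrypt existing data after rotating the constant; the audit only tells you whether the configured value is still the default, not whether stored ciphertext was produced under it.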
Affected Products
Mendix Encryption