CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50313
https://notcve.org/view.php?id=CVE-2024-50313
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. • https://cert-portal.siemens.com/productcert/html/ssa-914892.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •