CVE-2022-32285
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.
SSVC
- Decision: -
Timeline
- 2022-06-03 CVE Reserved
- 2022-06-14 CVE Published
- 2024-01-05 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (1)
URL | Tag |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-740594.pdf | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mendix | Saml | < 1.16.6 | - | Affected |
Mendix | Saml | >= 2.0.0 < 2.2.2 | - | Affected |
Mendix | Saml | >= 3.0.0 < 3.2.3 | - | Affected |