CVE-2023-45794 Vulnerability Details

  /     /     /  

CVE-2023-45794 Metadata Quick Info

CVE Published: 14/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: siemens | Vendor: Siemens | Product: Mendix Applications using Mendix 10
Status : PUBLISHED

---

CVE-2023-45794 Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app\'s model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app.

Metrics

CVSS Version: 3.1 | Base Score: 6.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-294
CWE Name: CWE-294: Authentication Bypass by Capture-replay
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).