CVE-2022-31257 Information

Description

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31) Mendix Applications using Mendix 8 (All versions < V8.18.18) Mendix Applications using Mendix 9 (All versions < V9.14.0) Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2) Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-433782.pdf