CVE-2022-44457 Information
Description
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0) Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0) Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0) Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2) Mendix SAML Module (Mendix 9 compatible New Track) (All versions < V3.3.1) Mendix SAML Module (Mendix 9 compatible New Track) (All versions >= V3.3.1 < V3.3.5) Mendix SAML Module (Mendix 9 compatible Upgrade Track) (All versions < V3.3.0) Mendix SAML Module (Mendix 9 compatible Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay only when the not recommended non default configuration option 'Allow Idp Initiated Authentication' is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf
Share on: