A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf | Mitigation Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-03-08 12:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-26313
Mitre link : CVE-2022-26313
CVE.ORG link : CVE-2022-26313
JSON object : View
Products Affected
mendix
- forgot_password
CWE