Authentication bypass in Mendix SAML
CVE-2023-29129
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0…
EPSS: 0.009 (54.8th percentile)
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Mendix SAML
- Siemens Mendix SAML (Mendix 7 Compatible): all versions >= V1.17.3 < V1.18.0, all versions >= V1.16.4 < V1.17.3
- Siemens Mendix SAML (Mendix 8 Compatible): all versions >= V2.3.0 < V2.4.0, all versions >= V2.2.0 < V2.3.0
- Siemens Mendix SAML (Mendix 9.12/9.18 Compatible, New Track): all versions >= V3.3.1 < V3.3.15
- Siemens Mendix SAML (Mendix 9.12/9.18 Compatible, Upgrade Track): all versions >= V3.3.0 < V3.3.14
- Siemens Mendix SAML (Mendix 9.6 Compatible, New Track): all versions >= V3.1.9 < V3.2.7
- Siemens Mendix SAML (Mendix 9.6 Compatible, Upgrade Track): all versions >= V3.1.8 < V3.2.6
- Siemens Mendix SAML (Mendix 9 Latest Compatible, New Track): all versions >= V3.3.1 < V3.6.1, all versions >= V3.1.9 < V3.3.1
- Siemens Mendix SAML (Mendix 9 Latest Compatible, Upgrade Track): all versions >= V3.3.0 < V3.6.0, all versions >= V3.1.8 < V3.3.0
Weakness classification (CWE)
- Incorrect Implementation of Authentication Algorithm
References
- productcert@siemens.com (Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-29129?
- CVE-2023-29129 is a critical-severity vulnerability in Mendix SAML, classified under Incorrect Implementation of Authentication Algorithm. CVSS score: 9.1/10. Published 2023-06-13.
- How severe is CVE-2023-29129?
- Critical severity. CVSS v3 base score is 9.1 out of 10.