Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.
CVSS Information
N/A
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
Siemens Mendix SAML Module 安全漏洞
Vulnerability Description
Siemens Mendix SAML Module是德国西门子(Siemens)公司的一个应用程序模块。用于根据最终用户在您的身份提供者中的身份授予对 Mendix 应用程序的访问权限。 Siemens Mendix SAML Module (Mendix 7) V1.17.0之前版本、Mendix SAML Module (Mendix 8) V2.3.0之前版本、Mendix SAML Module (Mendix 9) V3.3.1之前版本存在安全漏洞,该漏洞源于无法充分防止数据包捕获重用。
CVSS Information
N/A
Vulnerability Type
N/A