← Back to home
SIEMENS-SSA-740594  ·  Published 2022-06-14  ·  View on Siemens ProductCERT ↗

SSA-740594 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module

CVSS N/A MEDIUM

Risk Summary

<p>The latest updates of Mendix the SAML module fixes two vulnerabilities. One is an XML External Entity (XXE) attack that could allow an attacker to potentially disclose confidential data under certain circumstances the other is an Cross Site Scripting (XSS) attack allowing to execute malicious code by tricking users into accessing a malicious link .</p> <p>Mendix has released an update for the Mendix SAML module and recommends to update to the latest version.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-740594 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more