CVE-2022-26313 - AskarLabs CVE Database

CVE-2022-26313

Vendor Siemens

Product Mendix Forgot Password Appstore module

Weakness CWE-284

Published March 8, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Key dates

02Disclosure timeline

March 8, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-26313 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request CVE-2026-45154 Nextcloud: Improper Access Control in Collectives CVE-2023-47859 CVE-2026-5484 BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control CVE-2015-10057 Little Apps Little Software Stats Password Reset class.securelogin.php access control