CVE-2022-26314

CVE-2022-26314

Vendor Siemens
Product Mendix Forgot Password Appstore module
Weakness CWE-307 · Brute force
Published March 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.

Key dates

02Disclosure timeline

March 8, 2022 CVE published
August 3, 2024 Record updated