CVE-2022-46664 HIGH

CVE-2022-46664

Vendor Siemens

Product Mendix Workflow Commons

Weakness CWE-284

Published December 13, 2022

Last update April 21, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.

Key dates

02Disclosure timeline

December 13, 2022 CVE published

April 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46664 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2022-46664

CWE CWE-284

CVSS 8.1 / HIGH

Affected versions

Vendor Siemens

Product Mendix Workflow Commons

Affected All versions < V2.4.0

Vendor Siemens

Product Mendix Workflow Commons V2.1

Affected All versions < V2.1.4

Vendor Siemens

Product Mendix Workflow Commons V2.3

Affected All versions < V2.3.2

CVE-2022-46664

01Description

02Disclosure timeline

03References

04Related CVE