CVE-2024-56841 HIGH

CVE-2024-56841

Vendor Siemens
Product Mendix LDAP
Weakness CWE-90 · LDAP injection
Published January 14, 2025
Last update January 14, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

Key dates

02Disclosure timeline

January 14, 2025 CVE published
January 14, 2025 Record updated