CVE-2022-26314 An vulnerability in the Mendix Forgot Password Appstore module has been identified. Incompetent passwords are generated.

The issue can be exploited by remote attackers to gain unauthorised access to Mendix Forgot Password Appstore. Mendix Forgot Password Appstore users are advised to update to the latest version as soon as possible. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 3.2.2. This update resolves the issue. Mendix Forgot Password Appstore module (All versions >= V3.3.0  V3.5.1) has been updated to version 3.3.1. This update resolves the issue. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 1.1.14. This update resolves the issue. In order to prevent possible issues with an outdated Mendix Forgot Password Appstore module, we recommend installing the latest version.

Check if you are affected by the issue

If you are a Mendix Forgot Password Appstore module customer, this is not a security risk for you. If you are not sure if your Mendix Forgot Password Appstore module is affected by the issue, please check if the version of your appstore is compatible with the current version of Mendix Forgot Password Appstore.

Mendix Forgot Password Appstore Cross-Site Scripting

Mendix Forgot Password Appstore module has been updated to version 3.2.2 which resolves the issue. Mendix Forgot Password Appstore module (All versions >= V3.3.0  V3.5.1) has been updated to version 3.3.1 which resolves the issue. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 1.1.14 which resolves the issue

Mendix Forgot Password Appstore – Product Description

The Mendix Forgot Password Appstore is an app store for the Mendix platform. The store allows users to access apps that are created by others and share them with their team or co-workers.
The issue can be exploited by remote attackers to gain unauthorised access to Mendix Forgot Password Appstore. Users who use this service are advised to update to the latest version as soon as possible.

Mendix Forgot Password Appstore Vulnerability

An issue was found in Mendix Forgot Password Appstore module (Mendix 7 compatible) that could allow remote attackers to gain access to the application store.

Timeline

Published on: 03/08/2022 12:15:00 UTC
Last modified on: 03/11/2022 19:04:00 UTC

References