216.73.216.133

CVE-2023-49069

· Published 10/09/2024 10:15 · Modified 10/10/2024 15:15

Labels: CVE-2023-49069 2024-09-10CVE-2023-49069CWE-204[email protected]

Essential information

Published
10/09/2024 10:15
Modified
10/10/2024 15:15
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

A vulnerability has been identified in Mendix Runtime V10 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References