CVE-2023-45794

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-294
View all →

Vulnerability Description

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app.

Related Vulnerabilities

CVE-2017-5251

HIGH
CVSS:8.1(High)

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CWE-2942017

CVE-2018-17935

HIGH
CVSS:8.1(High)

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of a...

CWE-2942018

CVE-2019-12887

HIGH
CVSS:8.1(High)

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

CWE-2942019

CVE-2019-13533

HIGH
CVSS:8.1(High)

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening a...

CWE-2942019

CVE-2020-27157

HIGH
CVSS:8.1(High)

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to ...

CWE-2942020