OTPulse

Cross-Site Scripting Vulnerability in Mendix SAML Module

Act Now · CVSS 9.3 · SSA-496604 · Jan 10, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The Mendix SAML module contains a reflected cross-site scripting (XSS) vulnerability (CWE-79). An attacker could craft a malicious URL that, when accessed by a user, executes arbitrary JavaScript in the user's browser context. This could allow the attacker to steal session cookies, authentication tokens, or other sensitive data. The vulnerability only affects applications using non-default SAML configurations. Siemens has released updates for all affected product lines.

What this means
What could happen
An attacker could trick users into clicking a malicious link, allowing the attacker to steal session cookies or credentials for applications using the Mendix SAML module. Only systems using non-default SAML configurations are at risk.
Who's at risk
Organizations running Mendix-based applications (web applications built on the Mendix platform) that use the SAML authentication module for single sign-on, particularly those with non-default SAML configurations. This affects IT teams managing enterprise web applications and user-facing portals.
How it could be exploited
An attacker crafts a malicious URL containing an XSS payload and sends it to a user (via email, chat, or social engineering). When the user clicks the link, the unvalidated input is reflected back in the SAML module's response, executing JavaScript in the user's browser. The attacker can then capture authentication tokens or session cookies.
Prerequisites
  • User must click a malicious link sent by the attacker
  • Application must be running Mendix SAML module with non-default configuration
  • Application must be accessible over the network
  • Remotely exploitable
  • Requires user interaction (click malicious link)
  • Affects authentication systems
  • Low complexity attack
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (3)
3 with fix
Product | Affected Versions | Fixed Version
Mendix SAML (Mendix 8 compatible) | ≥ V2.3.0 < V2.3.4 | 2.3.4
Mendix SAML (Mendix 9 compatible, New Track) | ≥ V3.3.0 < V3.3.9 | 3.3.9
Mendix SAML (Mendix 9 compatible, Upgrade Track) | ≥ V3.3.0 < V3.3.8 | 3.3.8
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Mendix SAML (Mendix 8 compatible)
HOTFIX: Update Mendix SAML (Mendix 8 compatible) to version 2.3.4 or later
Mendix SAML (Mendix 9 compatible, New Track)
HOTFIX: Update Mendix SAML (Mendix 9 compatible, New Track) to version 3.3.9 or later
Mendix SAML (Mendix 9 compatible, Upgrade Track)
HOTFIX: Update Mendix SAML (Mendix 9 compatible, Upgrade Track) to version 3.3.8 or later
Long-term hardening
HARDENING: If you have configured non-default SAML settings, verify that they follow security best practices and that all user-supplied input is sanitized before it is reflected in a response
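The reflection described under "How it could be exploited" and the sanitization asked for in the hardening step above, shown side by side. This is an added example written for this advisory; it is not Mendix code and does not model how the SAML module actually builds its responses. The query parameter name `relay`, the page template, the cookie name and the probe string are all constructed for illustration. The vulnerable handler interpolates a reflected parameter straight into HTML (the CWE-79 pattern); the hardened handler HTML-entity-encodes it first and adds the response headers that limit what a reflected script could do if encoding were ever missed.

```python
"""Reflected XSS: the vulnerable pattern beside its hardened form.

Added example for this advisory, not Mendix code. Parameter name, page
template, cookie name and probe string are constructed for illustration.
"""
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probe: inert markup, not a script. If these raw characters come
# back in the response body, the reflection point is not encoding its input.
PROBE = '<b data-xss-probe="1">'


def build_url(value: str) -> str:
    """Build a constructed SSO URL whose `relay` parameter carries `value`."""
    return "https://sso.example.test/SSO/?relay=" + quote(value)


def parse_query(url: str) -> dict:
    """Return the first value of each query-string parameter of `url`."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}


def vulnerable_page(url: str) -> str:
    """Echo the `relay` parameter straight into HTML: the CWE-79 pattern."""
    relay = parse_query(url).get("relay", "")
    return f"<p>Could not process SAML response for {relay}</p>"


def hardened_page(url: str) -> str:
    """Same page, but the reflected value is HTML-entity encoded first.

    escape(..., quote=True) also encodes quotes, so the value is safe inside
    element text and inside double-quoted attribute values.
    """
    relay = parse_query(url).get("relay", "")
    return f"<p>Could not process SAML response for {escape(relay, quote=True)}</p>"


def hardened_headers() -> dict:
    """Defence-in-depth headers for the hardened response (constructed values)."""
    return {
        # No inline script: reflected markup cannot execute even if encoding slips.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        # HttpOnly keeps the session cookie out of reach of any script that does run.
        "Set-Cookie": "SESSIONID=<constructed-session-id>; HttpOnly; Secure; SameSite=Lax",
    }


def cookie_is_hardened(set_cookie: str) -> bool:
    """True if a Set-Cookie value carries both HttpOnly and Secure attributes."""
    attrs = {part.strip().lower() for part in set_cookie.split(";")[1:]}
    return "httponly" in attrs and "secure" in attrs


def reflects_unencoded(render, url: str) -> bool:
    """True if the raw probe markup survives into the body produced by `render`."""
    return PROBE in render(url)


if __name__ == "__main__":
    url = build_url(PROBE)
    print("vulnerable reflects raw markup:", reflects_unencoded(vulnerable_page, url))
    print("hardened reflects raw markup:  ", reflects_unencoded(hardened_page, url))
    print(hardened_page(url))
```

`reflects_unencoded` is the check a defender can run against a test instance after applying a hotfix or changing SAML settings: feed an inert marker through each reflection point and confirm it comes back encoded. The headers are not a substitute for output encoding, but they bound the impact the advisory describes (script execution and cookie theft) should a reflection point be missed.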