OTPulse

Privilege Escalation Vulnerability in Mendix SAML Module

Severity score: 8.1
Siemens advisory: SSA-522654
Published: Jun 8, 2021

Attack Vector: Network
Privileges Required: Low (a valid user account)
Attack Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability exists in the Mendix SAML module in all versions prior to V2.1.2. An authenticated user can exploit the flaw to obtain privileges within a Mendix application beyond those assigned to their account. The defect lies in how the SAML module processes authentication for the application. Siemens recommends updating the module to V2.1.2 or later.

What this means
What could happen
An attacker who already holds a valid login for a Mendix application that authenticates users through the SAML module could escalate their privileges inside that application, potentially gaining access to administrative functions and data they are not authorised to use.
Who's at risk
Organisations running Mendix applications (for example for process automation, configuration management or data control) that rely on the SAML module for access control should update. In OT settings this primarily concerns the IT operations teams that build and deploy Mendix-based applications into the OT environment.
How it could be exploited
An attacker with valid credentials at the identity provider the application trusts logs into a vulnerable Mendix application and abuses the flaw in the SAML module to obtain permissions that were never granted to their account. The attack needs no user interaction, but it does require an existing, working login; it is not an unauthenticated attack.
Prerequisites
  • Valid login credentials for a Mendix application that uses the SAML module
  • Network access to the Mendix application
  • Mendix SAML module version below V2.1.2

Tags: Requires valid credentials · Remotely exploitable over network · Low attack complexity · Affects access control and authorization
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product               Affected Versions   Fix Status
Mendix SAML Module    < V2.1.2            Fixed in V2.1.2
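The affected-version boundary above is the one check most teams actually need to run: which of our Mendix applications still carry a SAML module older than V2.1.2? The script below is an added example, not code from the advisory or from Mendix. It assumes you have already produced an inventory of application names and the SAML module version each one ships (how you extract that from your Mendix projects is outside the advisory and is left to you). It handles the points that usually go wrong in such checks: the "V" prefix Mendix uses in version labels, labels with fewer than three components, and numeric ordering, so that a hypothetical 2.1.10 is correctly treated as newer than 2.1.2 rather than older, as a plain string comparison would conclude. The sample inventory is constructed for illustration.

```python
"""Inventory check for SSA-522654: flag Mendix apps whose SAML module is below V2.1.2.

Added example; not part of the Siemens advisory or of the Mendix SAML module itself.
"""
import re

# First fixed version named in the advisory.
FIXED_VERSION = (2, 1, 2)

_VERSION_RE = re.compile(r"[vV]?(\d+(?:\.\d+)*)")


def parse_version(label: str) -> tuple:
    """Turn a label such as 'V2.1.2', '2.1.10' or 'v2.1' into an integer tuple.

    Integer tuples compare numerically, so (2, 1, 10) > (2, 1, 2). Comparing the raw
    strings would rank '2.1.10' below '2.1.2' and silently miss nothing, but would also
    wrongly flag a patched app as vulnerable; the tuple form avoids both mistakes.
    Labels with fewer than three components are padded with zeros ('2.1' -> (2, 1, 0)).
    """
    m = _VERSION_RE.fullmatch(label.strip())
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(label: str) -> bool:
    """True when the module version is strictly below the fixed version."""
    return parse_version(label) < FIXED_VERSION


def find_affected(inventory):
    """inventory: iterable of (app_name, saml_module_version) pairs.

    Returns the names of applications that still need the V2.1.2 update, in input order.
    Unparseable labels are reported as affected with a marker so they are not skipped
    silently; a version you cannot read is one you cannot vouch for.
    """
    affected = []
    for app, label in inventory:
        try:
            if is_affected(label):
                affected.append(app)
        except ValueError:
            affected.append(f"{app} (version unreadable: {label!r})")
    return affected


# Constructed sample inventory (hypothetical application names and versions).
SAMPLE_INVENTORY = [
    ("shift-handover", "V2.1.2"),    # at the fixed version: fine
    ("plant-dashboard", "2.1.10"),   # newer than 2.1.2 despite sorting lower as a string
    ("inventory-portal", "V2.0.9"),  # affected
    ("calibration-log", "2.1"),      # padded to 2.1.0: affected
    ("legacy-viewer", "unknown"),    # unreadable: reported, not skipped
]

if __name__ == "__main__":
    for name in find_affected(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {name}")
```

Run it as a plain script to get the list of applications to schedule for the module update; the unreadable-version entries are deliberately included in the output so that nothing drops out of the remediation list just because an inventory field was blank.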
Remediation & Mitigation

Schedule: requires a maintenance window. Applying the update means rebuilding and redeploying the affected Mendix applications, so plan for the resulting service interruption.

HOTFIX: Update the Mendix SAML module to V2.1.2 or later in every application that uses it, then redeploy.