Privilege Escalation Vulnerability in Mendix SAML Module
Advisory: SSA-740594 · Published: Jun 14, 2022 · CVSS score: 8.3
Attack Vector: Network
Privileges Required: Low (a valid user account)
Attack Complexity: Low
User Interaction: None needed
Summary
The Mendix SAML module contains two vulnerabilities: an XML External Entity (XXE) flaw in the parsing of SAML requests and responses that could disclose confidential data under certain circumstances, and a Cross-Site Scripting (XSS) flaw that lets an attacker inject script through SAML attributes, which then executes in the browser of a user who opens a crafted link. Mendix has released updated module versions for all supported Mendix versions.
What this means
What could happen
An authenticated user could abuse the XML parsing flaw, or submit a manipulated SAML response, to escalate privileges and gain unauthorized access to applications that rely on this module for authentication. Separately, a crafted link could cause injected script to run in another user's browser, exposing that user's credentials or session data.
Who's at risk
Organizations using Mendix-based applications for operational dashboards, process monitoring, or remote access to industrial systems should prioritize this update. This includes utilities and manufacturers that rely on Mendix applications for data collection, alarm management, or administrative interfaces that control or monitor PLCs, SCADA systems, or network devices.
How it could be exploited
An attacker holding valid credentials could submit a crafted SAML response whose XML carries external entity (XXE) declarations, causing the module's parser to read server-side configuration or system files and return their contents. Alternatively, the attacker could place JavaScript in a SAML attribute value; when the application renders that value for a user, the script runs in that user's browser and can steal session tokens or credentials that are reused for downstream industrial systems.
Prerequisites
- Valid user credentials to access the Mendix application
- Network access to the Mendix application
- For XSS: user must click a malicious link or visit a page containing injected SAML data
- Application must be using the vulnerable Mendix SAML module for authentication
Key points:
- Remotely exploitable over the network
- Requires valid user credentials
- High CVSS score (8.3)
- Low attack complexity
- Flaw sits in the authentication module, so it affects the application's access controls
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3, all with a fix available)
Product                                    Affected versions   Fixed in
Mendix SAML Module (Mendix 7 compatible)   all < V1.16.6       V1.16.6
Mendix SAML Module (Mendix 8 compatible)   all < V2.2.2        V2.2.2
Mendix SAML Module (Mendix 9 compatible)   all < V3.2.3        V3.2.3
Remediation & Mitigation
Scheduling: updating the module means importing the new module version into the app project and redeploying the application, so plan a maintenance window for each affected app.
Mendix SAML Module (Mendix 7 compatible)
  HOTFIX: Update to version 1.16.6 or later
Mendix SAML Module (Mendix 8 compatible)
  HOTFIX: Update to version 2.2.2 or later
Mendix SAML Module (Mendix 9 compatible)
  HOTFIX: Update to version 3.2.3 or later
All products
  HARDENING: Review and audit the SAML configuration; make sure the XML parser used for SAML messages rejects DOCTYPE declarations, does not resolve external entities, and validates messages against the SAML schema
  HARDENING: Send a Content Security Policy (CSP) header that disallows inline script, so that script injected through an attribute value has limited effect
Long-term hardening
  HARDENING: Accept SAML responses only from explicitly trusted identity providers; check the Issuer against the configured IdP and verify the signature against that IdP's pinned signing certificate
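The hardening items above (refuse external entities, keep markup out of rendered attribute values, accept only trusted issuers) can also be enforced at the service-provider edge before a message reaches the SAML library. The following Python is an added example written for this page; it is not code from the Mendix SAML module, Mendix or Siemens. The IdP entity ID in TRUSTED_ISSUERS, the minimal Response layout and the four sample messages are constructed for illustration. The check deliberately does not do XML signature verification, which remains the SAML library's job.

```python
"""Server-side pre-validation of an inbound SAML Response.

Added example, not code from the Mendix SAML module. It applies the advisory's
hardening items before the message reaches the SAML library: reject DTD and
entity declarations (XXE), accept assertions only from allow-listed issuers,
and refuse attribute values that carry markup (XSS). XML signature
verification is still the SAML library's responsibility.
"""
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical allow-list of IdP entity IDs; in practice this comes from SP configuration.
TRUSTED_ISSUERS = {"https://idp.example.com/metadata"}

# A SAML message never needs a DTD, so any DOCTYPE or ENTITY declaration is rejected outright.
_DTD_RE = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
# Attribute values end up in the UI; angle brackets or a javascript: URL have no business there.
_MARKUP_RE = re.compile(r"[<>]|javascript:", re.IGNORECASE)


class SamlRejected(ValueError):
    """Raised when the message fails a pre-validation check."""


def validate_saml_response(saml_response_b64: str) -> dict:
    """Decode and check a SAMLResponse POST value; return issuer and attributes or raise SamlRejected."""
    try:
        raw = base64.b64decode("".join(saml_response_b64.split()), validate=True)
        # UTF-8 only, on purpose: a UTF-16 body would slip past the text regex below.
        text = raw.decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise SamlRejected(f"undecodable message: {exc}") from exc
    if _DTD_RE.search(text):
        raise SamlRejected("DOCTYPE/ENTITY declaration present (possible XXE)")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise SamlRejected(f"malformed XML: {exc}") from exc
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlRejected("root element is not samlp:Response")

    # The Response issuer and every Assertion issuer must all be the same trusted IdP.
    issuers = [(el.text or "").strip() for el in root.iterfind("saml:Issuer", NS)]
    issuers += [(el.text or "").strip() for el in root.iterfind("saml:Assertion/saml:Issuer", NS)]
    if not issuers or len(set(issuers)) != 1 or issuers[0] not in TRUSTED_ISSUERS:
        raise SamlRejected(f"untrusted or inconsistent issuer(s): {sorted(set(issuers))}")

    attributes = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        # itertext() flattens any child elements so markup cannot hide inside nested nodes.
        values = ["".join(v.itertext()).strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        for value in values:
            if _MARKUP_RE.search(value):
                raise SamlRejected(f"markup in attribute {name!r}: {value!r}")
        attributes[name] = values
    return {"issuer": issuers[0], "attributes": attributes}


def _b64(xml_text: str) -> str:
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def _response(issuer: str, display_name: str, prolog: str = "") -> str:
    """Constructed minimal Response (no Signature or Conditions) used only as sample input."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>' + prolog +
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
        ' ID="_r1" Version="2.0" IssueInstant="2022-06-14T00:00:00Z">'
        f'<saml:Issuer>{issuer}</saml:Issuer>'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2022-06-14T00:00:00Z">'
        f'<saml:Issuer>{issuer}</saml:Issuer>'
        '<saml:AttributeStatement><saml:Attribute Name="displayName">'
        f'<saml:AttributeValue>{display_name}</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )


IDP = "https://idp.example.com/metadata"
SAMPLES = {  # constructed test messages, not captured traffic
    "benign": _b64(_response(IDP, "Alice Example")),
    "xxe": _b64(_response(IDP, "&xxe;", '<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>')),
    "xss": _b64(_response(IDP, "&lt;script&gt;alert(document.cookie)&lt;/script&gt;")),
    "rogue_issuer": _b64(_response("https://idp.evil.example/metadata", "Alice Example")),
}


def demo() -> dict:
    """Run every sample through the validator; accepted ones yield attributes, others a rejection reason."""
    results = {}
    for name, msg in SAMPLES.items():
        try:
            results[name] = validate_saml_response(msg)["attributes"]
        except SamlRejected as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13s} {outcome}")
```

The DOCTYPE/ENTITY text check is defense in depth, not the primary control: the parser itself must be configured to refuse DTDs (Python's ElementTree does not resolve external entities; on a Java runtime the JAXP feature `http://apache.org/xml/features/disallow-doctype-decl` does the equivalent). Rejecting attribute values that contain markup is a coarse server-side filter; the application must still output-encode every attribute value where it is rendered, and the CSP header limits what any value that gets through can do.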
CVEs (2)
API:
/api/v1/advisories/ab87b1c3-a98a-4030-b3eb-061ea34ddc48