Authentication Bypass Vulnerability in Mendix SAML Module
Priority: Act Now
CVSS: 9.1
Advisory ID: SSA-851884
Date: Mar 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Mendix SAML module insufficiently verifies SAML assertions, allowing unauthenticated remote attackers to bypass authentication and gain unauthorized access to applications. The vulnerability affects multiple versions of Mendix 7, 8, and 9 SAML modules. Mendix has released fixed versions: apply the latest update for your Mendix version. Note that earlier fix versions (CVE-2023-25957) removed the vulnerability only when the default 'Use Encryption' option was enabled; later fix versions (CVE-2023-29129) address the non-default configuration case as well.
What this means
What could happen
An attacker could bypass authentication on any application using the vulnerable Mendix SAML module and gain unauthorized access without valid credentials. This could allow attackers to view sensitive data, modify configurations, or disrupt operations depending on the application's function.
Who's at risk
Any organization using Mendix applications with SAML-based single sign-on authentication should be concerned, including water utilities, power systems, and manufacturing facilities that rely on Mendix-based business applications for asset management, supervisory functions, or administrative controls. The vulnerability affects all Mendix 7, 8, and 9 variants of the SAML module.
How it could be exploited
An attacker sends a specially crafted SAML assertion to an application protected by the vulnerable Mendix SAML module. The module fails to properly verify the assertion's authenticity and grants access, allowing the attacker to impersonate any user including administrators without needing credentials.
Prerequisites
- Network access to the web application using the vulnerable Mendix SAML module
- The application must use SAML authentication (no credentials required to attempt bypass)
Tags: remotely exploitable; no authentication required; low complexity; high CVSS score (9.1); authentication bypass
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
12 with fix
Product | Affected Versions | Fix Status
Mendix SAML (Mendix 7 compatible) | ≥ V1.16.4, < V1.17.3 | 1.17.3
Mendix SAML (Mendix 7 compatible) | ≥ V1.17.3, < V1.18.0 | 1.18.0
Mendix SAML (Mendix 8 compatible) | ≥ V2.2.0, < V2.3.0 | 2.3.0
Mendix SAML (Mendix 8 compatible) | ≥ V2.3.0, < V2.4.0 | 2.4.0
Mendix SAML (Mendix 9 latest compatible, New Track) | ≥ V3.1.9, < V3.3.1 | 3.3.1
Mendix SAML (Mendix 9 latest compatible, New Track) | ≥ V3.3.1, < V3.6.1 | 3.6.1
Mendix SAML (Mendix 9 latest compatible, Upgrade Track) | ≥ V3.1.8, < V3.3.0 | 3.3.0
Mendix SAML (Mendix 9 latest compatible, Upgrade Track) | ≥ V3.3.0, < V3.6.0 | 3.6.0
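As an added example (not Mendix or Siemens code), the script below encodes the affected ranges from the table above and reports which installed module versions still need an update; the product labels are shorthand of my own for the table's product column, and the sample inventory is constructed.

```python
# Added example (not Mendix or Siemens tooling): check an installed Mendix SAML
# module version against the affected ranges from this advisory's table.
# Product labels are shorthand for the table's product column.

# (product, affected from (inclusive), affected below (exclusive), update to)
AFFECTED_RANGES = [
    ("Mendix 7", "1.16.4", "1.17.3", "1.17.3"),
    ("Mendix 7", "1.17.3", "1.18.0", "1.18.0"),
    ("Mendix 8", "2.2.0", "2.3.0", "2.3.0"),
    ("Mendix 8", "2.3.0", "2.4.0", "2.4.0"),
    ("Mendix 9 New Track", "3.1.9", "3.3.1", "3.3.1"),
    ("Mendix 9 New Track", "3.3.1", "3.6.1", "3.6.1"),
    ("Mendix 9 Upgrade Track", "3.1.8", "3.3.0", "3.3.0"),
    ("Mendix 9 Upgrade Track", "3.3.0", "3.6.0", "3.6.0"),
]

def parse_version(text):
    """Turn 'V1.17.3' or '1.17.3' into a tuple of ints so that
    comparison is numeric per component (1.17.10 > 1.17.3)."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))

def check_module(product, installed):
    """Return the version to update to if `installed` falls in an affected
    range for `product`, or None when it is outside every listed range.
    Ranges are half-open, matching the table's '>= low, < high' notation."""
    version = parse_version(installed)
    for label, low, high, fix in AFFECTED_RANGES:
        if label == product and parse_version(low) <= version < parse_version(high):
            return fix
    return None

def triage(inventory):
    """Map each (app, product, version) to the update it needs, skipping
    entries that are already outside the affected ranges."""
    return [(app, product, version, fix)
            for app, product, version in inventory
            if (fix := check_module(product, version)) is not None]

if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    sample = [
        ("asset-portal", "Mendix 7", "V1.17.3"),    # past first fix, still in range
        ("ops-dashboard", "Mendix 9 New Track", "3.2.0"),
        ("hr-app", "Mendix 8", "2.4.1"),            # already outside the ranges
    ]
    for app, product, version, fix in triage(sample):
        print(f"{app}: {product} SAML {version} -> update to {fix}")
```

Note that each product has two ranges: a version that sits at the first fix version is still inside the second range and is reported against the later fix.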
Remediation & Mitigation
Do now
WORKAROUND: If patching cannot be completed immediately, ensure 'Use Encryption' is enabled in the SAML configuration as a temporary mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Mendix SAML module for Mendix 7 to version 1.17.3 or later
HOTFIX: Update Mendix SAML module for Mendix 8 to version 2.3.0 or later
HOTFIX: Update Mendix SAML module for Mendix 9 latest (New Track) to version 3.3.1 or later
HOTFIX: Update Mendix SAML module for Mendix 9 latest (Upgrade Track) to version 3.3.0 or later
HOTFIX: Update Mendix SAML module for Mendix 9.6 (New Track) to version 3.2.7 or later
HOTFIX: Update Mendix SAML module for Mendix 9.6 (Upgrade Track) to version 3.2.6 or later
HOTFIX: Update Mendix SAML module for Mendix 9.12/9.18 (New Track) to version 3.3.15 or later
HOTFIX: Update Mendix SAML module for Mendix 9.12/9.18 (Upgrade Track) to version 3.3.14 or later
CVEs (2): CVE-2023-25957, CVE-2023-29129