CVE-2023-43623

MEDIUM EPSS 39.5%

Published Oct 10, 20232y ago · Modified Jun 17, 20261w ago

5.3 CVSS 3.1

Medium

Published Oct 10, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

CVSS Details

Base Score

5.3

Exploitability

3.9

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

39.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-203

Affected Products 3

Vendor	Product	Version	Range
mendix	forgot_password	*	<3.7.3
mendix	forgot_password	*	≥4.0.0 – <4.1.3
mendix	forgot_password	*	≥5.0.0 – <5.4.0

References 1

cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.