CVE-2024-50313

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 12, 2024

Updated: Nov 15, 2024

CWE ID 362

Summary

CVE-2024-50313 is a newly identified vulnerability that affects various versions of Mendix Runtime, including V10.x (<V10.16.0, V10.12.x (<V10.12.7), V10.6.x (<V10.6.15), V8, and V9 (<V9.24.29). The issue lies in the basic authentication implementation, which contains a race condition. This vulnerability enables unauthenticated remote attackers to bypass the default account lockout measures when this authentication mechanism is in use, potentially leading to unauthorized access. Users are strongly urged to upgrade their Mendix Runtime versions as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zvuxc6
https://www.cve.org/CVERecord?id=CVE-2024-50313
https://nvd.nist.gov/vuln/detail/CVE-2024-50313

Back to Vulnerability Database

CVE-2024-50313

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations