CVE-2024-50313

Description

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.

References

Link	Tags
https://cert-portal.siemens.com/productcert/html/ssa-914892.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-50313?: CVE-2024-50313 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50313?: To fix CVE-2024-50313, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50313 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50313 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50313?: CVE-2024-50313 affects Siemens Mendix Runtime V10, Siemens Mendix Runtime V10.12, Siemens Mendix Runtime V10.6, Siemens Mendix Runtime V8, Siemens Mendix Runtime V9.

Description

Category

CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

References

Frequently Asked Questions