What is CVE-2023-29129?

CVE-2023-29129 is a vulnerability identified in Mendix SAML that affects certain versions of the software.

What is the severity of CVE-2023-29129?

CVE-2023-29129 has a severity rating of 9.8, which is classified as critical.

How does CVE-2023-29129 affect Mendix SAML?

CVE-2023-29129 affects Mendix SAML versions V1.17.3 to V1.18.0 and V1.16.4 to V1.17.3 for Mendix 7 compatible, as well as V2.3.0 to V2.4.0 for Mendix 8 compatible.

What is the CWE of CVE-2023-29129?

CVE-2023-29129 is associated with CWE-287 (Improper Authentication) and CWE-303 (Incorrect Implementation of Authentication Algorithm).

How can I fix CVE-2023-29129?

To fix CVE-2023-29129, it is recommended to update Mendix SAML to versions V1.18.0 or higher for Mendix 7 compatible, and V2.4.0 or higher for Mendix 8 compatible.

Vulnerability/
CVE-2023-29129

critical

9.8

CWE

287 303

13/6/2023

3/1/2025

CVE-2023-29129

First published: Tue Jun 13 2023(Updated: )

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Mendix	>=1.16.4<1.18.0
Mendix	>=2.2.0<2.4.0
Mendix	>=3.1.8<3.6.1

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf

Frequently Asked Questions

What is CVE-2023-29129?
CVE-2023-29129 is a vulnerability identified in Mendix SAML that affects certain versions of the software.
What is the severity of CVE-2023-29129?
CVE-2023-29129 has a severity rating of 9.8, which is classified as critical.
How does CVE-2023-29129 affect Mendix SAML?
CVE-2023-29129 affects Mendix SAML versions V1.17.3 to V1.18.0 and V1.16.4 to V1.17.3 for Mendix 7 compatible, as well as V2.3.0 to V2.4.0 for Mendix 8 compatible.
What is the CWE of CVE-2023-29129?
CVE-2023-29129 is associated with CWE-287 (Improper Authentication) and CWE-303 (Incorrect Implementation of Authentication Algorithm).
How can I fix CVE-2023-29129?
To fix CVE-2023-29129, it is recommended to update Mendix SAML to versions V1.18.0 or higher for Mendix 7 compatible, and V2.4.0 or higher for Mendix 8 compatible.

agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/author
agent/remedy
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/mendix
canonical/mendix
version/mendix/1.16.4
version/mendix/2.2.0
version/mendix/3.1.8