How severe is CVE-2022-37011?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-37011?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2022-37011

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-294

View all →

Vulnerability Description

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.

CVE-2017-3191

CRITICAL

CVSS:9.8(Critical)

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login p...

CWE-2942017

CVE-2017-6034

CRITICAL

CVSS:9.8(Critical)

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which m...

CWE-2942017

CVE-2018-17932

CRITICAL

CVSS:9.8(Critical)

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the devi...

CWE-2942018

CVE-2018-19025

CRITICAL

CVSS:9.8(Critical)

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.)...

CWE-2942018

CVE-2018-7790

CRITICAL

CVSS:9.8(Critical)

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users...

CWE-2942018

CVE-2019-18226

CRITICAL

CVSS:9.8(Critical)

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a...

CWE-2942019

CVE-2022-37011

Vulnerability Description

Related Vulnerabilities

CVE-2017-3191

CVE-2017-6034

CVE-2018-17932

CVE-2018-19025

CVE-2018-7790

CVE-2019-18226