How severe is CVE-2022-44457?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-44457?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2022-44457

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-294

View all →

Vulnerability Description

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.

CVE-2017-3191

CRITICAL

CVSS:9.8(Critical)

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login p...

CWE-2942017

CVE-2017-6034

CRITICAL

CVSS:9.8(Critical)

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which m...

CWE-2942017

CVE-2018-17932

CRITICAL

CVSS:9.8(Critical)

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the devi...

CWE-2942018

CVE-2018-19025

CRITICAL

CVSS:9.8(Critical)

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.)...

CWE-2942018

CVE-2018-7790

CRITICAL

CVSS:9.8(Critical)

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users...

CWE-2942018

CVE-2019-18226

CRITICAL

CVSS:9.8(Critical)

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a...

CWE-2942019

CVE-2022-44457

Vulnerability Description

Related Vulnerabilities

CVE-2017-3191

CVE-2017-6034

CVE-2018-17932

CVE-2018-19025

CVE-2018-7790

CVE-2019-18226