CVE-2024-39888

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-547
View all →

Vulnerability Description

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.

Related Vulnerabilities

CVE-2019-14837

CRITICAL
CVSS:9.1(Critical)

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For...

CWE-5472019

CVE-2023-1712

CRITICAL
CVSS:9.1(Critical)

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.

CWE-5472023

CVE-2019-14837

CRITICAL
CVSS:9.1(Critical)

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For...

CWE-5472019

CVE-2023-1712

CRITICAL
CVSS:9.1(Critical)

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.

CWE-5472023

CVE-2024-32021

LOW
CVSS:3.9(Low)

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git ma...

CWE-5472024

CVE-2025-23253

LOW
CVSS:2.5(Low)

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A ...

CWE-5472025