CVE-2024-56841

High

Published: 14 January 2025

Published

14 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0007 20.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

Security Summary

CVE-2024-56841 is an LDAP injection vulnerability affecting the Mendix LDAP module in all versions prior to V1.1.2. This flaw enables attackers to manipulate LDAP queries, potentially compromising authentication mechanisms within applications using the module.

An unauthenticated remote attacker can exploit this vulnerability over the network with high attack complexity and no user interaction required. Successful exploitation allows bypassing username verification, resulting in high impacts to confidentiality and integrity (CVSS 7.4: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), such as unauthorized access to sensitive data or systems.

The Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-314390.html details mitigation, recommending an upgrade to Mendix LDAP V1.1.2 or later to address the vulnerability.

Details

CWE(s): CWE-90

References

https://cert-portal.siemens.com/productcert/html/ssa-314390.html
productcert@siemens.com