{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T18:03:11.281","vulnerabilities":[{"cve":{"id":"CVE-2023-43623","sourceIdentifier":"productcert@siemens.com","published":"2023-10-10T11:15:12.240","lastModified":"2024-11-21T08:24:29.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en: \nMendix Forgot Password (compatible con Mendix 10) (todas las versiones < V5.4.0), \nMendix Forgot Password (compatible con Mendix 7) (todas las versiones < V3.7.3), \nMendix Forgot Password (compatible con Mendix 8) (Todas versiones < V4.1.3),\nMendix Forgot Password (compatible con Mendix 9) (Todas las versiones < V5.4.0). \nLas aplicaciones que utilizan el módulo afectado son vulnerables a la enumeración de usuarios debido a respuestas distinguibles. Esto podría permitir que un atacante remoto no autenticado determine si un usuario es válido o no, permitiendo un ataque de fuerza bruta con usuarios válidos."}],"metrics":{"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*","versionEndExcluding":"3.7.3","matchCriteriaId":"A4841C81-BDB6-4D19-9399-25E106AF654B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.1.3","matchCriteriaId":"4D6E5A35-E9FB-4F42-8022-605EE691C0B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.4.0","matchCriteriaId":"B5D68BE8-7D5E-4FFF-A1B6-E9ECA060BCEC"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf","source":"productcert@siemens.com","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}