{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T17:38:53.834","vulnerabilities":[{"cve":{"id":"CVE-2024-50313","sourceIdentifier":"productcert@siemens.com","published":"2024-11-12T13:15:11.910","lastModified":"2025-08-27T22:15:47.367","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.16.0, solo si la aplicación utiliza el mecanismo de autenticación básica), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.7, solo si la aplicación utiliza el mecanismo de autenticación básica), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.15, solo si la aplicación utiliza el mecanismo de autenticación básica), Mendix Runtime V8 (todas las versiones), Mendix Runtime V9 (todas las versiones anteriores a la V9.24.29, solo si la aplicación utiliza el mecanismo de autenticación básica). La implementación de autenticación básica de las aplicaciones afectadas contiene una vulnerabilidad de condición de ejecución que podría permitir a atacantes remotos no autenticados eludir las medidas de bloqueo de cuentas predeterminadas."}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"9.24.29","matchCriteriaId":"F6087752-F90F-4674-8C24-A4D1EB5CB7AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.6.15","matchCriteriaId":"774E44F6-A7DA-4903-9AA5-B41D4AC39B5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"10.7.0","versionEndExcluding":"10.12.7","matchCriteriaId":"4B78566A-6B9D-4C40-9834-D16410CEE04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mendix:mendix:*:*:*:*:*:*:*:*","versionStartIncluding":"10.13.0","versionEndExcluding":"10.16.0","matchCriteriaId":"243DDDBE-BA70-44F9-B363-A0DC51595876"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-914892.html","source":"productcert@siemens.com","tags":["Vendor Advisory"]}]}}]}