CVE-2022-31257: 
Mendix vulnerability analysis and mitigation

A vulnerability (CVE-2022-31257) has been identified in Mendix Applications affecting multiple versions including Mendix 7 (All versions < V7.23.31), Mendix 8 (All versions < V8.18.18), Mendix 9 (All versions < V9.14.0), Mendix 9 (V9.12) (All versions < V9.12.2), and Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). The vulnerability was discovered and disclosed in July 2022 (NVD).

The vulnerability allows an attacker with access to an active user session to bypass password validations within a Mendix application, potentially enabling the setting of weak passwords. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, and high impact on integrity (NVD).

If exploited, the vulnerability could allow attackers to bypass password validation mechanisms, potentially compromising account security by setting weak passwords. This could lead to unauthorized access to affected systems and compromise of user accounts (NVD).

Organizations should upgrade to the following patched versions: Mendix 7.23.31 or later, Mendix 8.18.18 or later, Mendix 9.14.0 or later, Mendix 9.12.2 or later (for V9.12), or Mendix 9.6.12 or later (for V9.6) (Siemens Advisory).