CVE-2023-49069
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-49069
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
响应差异性信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens Mendix 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens Mendix是德国西门子(Siemens)公司的一套低代码应用程序开发平台。该平台提供应用程序开发、测试、部署和迭代等功能。 Siemens Mendix Runtime V10,Mendix Runtime V10.12,Mendix Runtime V10.6,Mendix Runtime V8和Mendix Runtime V9存在安全漏洞,该漏洞源于受影响应用程序的身份验证机制在验证用户名时包含可观察到的响应差异漏洞。这可能允许未经身份验证的远程攻击者区分有效和无效的用户名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | Mendix Runtime V10 | 0 ~ V10.17.0 | - | |
| Siemens | Mendix Runtime V10.12 | 0 ~ V10.12.11 | - | |
| Siemens | Mendix Runtime V10.6 | 0 ~ V10.6.19 | - | |
| Siemens | Mendix Runtime V8 | 0 ~ V8.18.33 | - | |
| Siemens | Mendix Runtime V9 | 0 ~ V9.24.31 | - |
II. Public POCs for CVE-2023-49069
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-49069
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2024-09-10 · 21 CVEs total
| CVE-2024-45032 | 10.0 CRITICAL | Siemens Industrial Edge Management 安全漏洞 |
| CVE-2024-33698 | 9.8 CRITICAL | Siemens SIMATIC 安全漏洞 |
| CVE-2024-35783 | 9.1 CRITICAL | Siemens SIMATIC 安全漏洞 |
| CVE-2024-41171 | 8.8 HIGH | Siemens SINUMERIK 安全漏洞 |
| CVE-2024-44087 | 8.6 HIGH | Siemens Automation License Manager 输入验证错误漏洞 |
| CVE-2024-41170 | 7.8 HIGH | Siemens Tecnomatix Plant Simulation 安全漏洞 |
| CVE-2024-43647 | 7.5 HIGH | Siemens SIMATIC 安全漏洞 |
| CVE-2024-37990 | 6.5 MEDIUM | Siemens SIMATIC 安全漏洞 |
| CVE-2023-28827 | 5.9 MEDIUM | Siemens SIMATIC 代码问题漏洞 |
| CVE-2023-30756 | 5.9 MEDIUM | Siemens SIMATIC 代码问题漏洞 |
| CVE-2024-43781 | 5.5 MEDIUM | Siemens SINUMERIK 日志信息泄露漏洞 |
| CVE-2024-37991 | 5.3 MEDIUM | Siemens SIMATIC 信息泄露漏洞 |
| CVE-2024-37993 | 5.3 MEDIUM | Siemens SIMATIC 访问控制错误漏洞 |
| CVE-2024-37992 | 4.9 MEDIUM | Siemens SIMATIC 安全漏洞 |
| CVE-2023-30755 | 4.4 MEDIUM | Siemens SIMATIC 代码问题漏洞 |
| CVE-2024-42344 | 4.4 MEDIUM | Siemens SINEMA Remote Connect 日志信息泄露漏洞 |
| CVE-2024-42345 | 4.3 MEDIUM | Siemens SINEMA Remote Connect Server 授权问题漏洞 |
| CVE-2024-37994 | 4.3 MEDIUM | Siemens SIMATIC 安全漏洞 |
| CVE-2024-32006 | 4.3 MEDIUM | Siemens SINEMA Remote Connect 安全漏洞 |
| CVE-2024-37995 | 2.7 LOW | Siemens SIMATIC 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-204
- CVE-2026-8242
Industrial Application Software IAS Canias ERP Login RMI doA - CVE-2026-20195
Cisco Identity Services Engine Observable Response Discrepan - CVE-2026-24468
OpenAEV Vulnerable to Username/Email Enumeration Through Dif - CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-4113
SonicWALL SMA1000 安全漏洞
V. Comments for CVE-2023-49069
No comments yet