CVE-2023-49111

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 20/06/2024 Updated: 20/06/2024

For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is especially critical in business environments using AD SSO authentication, e.g. via ADFS, where attackers could potentially steal AD passwords. This issue affects Kiuwan SAST: <master.1808.p685.q13371

Kiuwan SAST versions prior to 2824023, Kiuwan Local Analyzer versions prior to master1808p685q13371, and Kiuwan SaaS versions prior to 2024-02-05 suffer from XML external entity injection, cross site scripting, insecure direct object reference, and various other vulnerabilities ...

SEC Consult Vulnerability Lab Security Advisory < 20240606-0 > ======================================================================= title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise (KOP) & cloud/SaaS Kiuwan Local Analyzer (KLA) vulnerable version: Kiuwan SAST <2 ...

https://r.sec-consult.com/kiuwan https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log https://nvd.nist.gov https://seclists.org/fulldisclosure/2024/Jun/3

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-49111

Vulnerability Summary

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect