{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-49111", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2023-11-22T11:08:37.654Z", "datePublished": "2024-06-20T12:34:38.170Z", "dateUpdated": "2025-11-04T17:13:02.645Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SAST", "vendor": "Kiuwan", "versions": [{"status": "affected", "version": "<master.1808.p685.q13371", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schwarz"}, {"lang": "en", "type": "coordinator", "value": "Johannes Greil"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.</p><p></p><p>This issue affects Kiuwan SAST: &lt;master.1808.p685.q13371</p>"}], "value": "For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-20T12:34:38.170Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/kiuwan"}, {"tags": ["release-notes"], "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\">https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log</a></p><ul><li>XML External Entity Injection =&gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06</li><li>Services Running as Root =&gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15</li><li>Reflected Cross-site-scripting =&gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06</li><li>Insecure Direct Object Reference =&gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06</li><li>Sensitive Data Stored Insecurely =&gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06</li></ul><p><br> The following upgrade guide was provided by the vendor:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\">https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide</a></p><p><br>\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.</p><p>SEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.</p><ul><li>Sensitive Data Stored Insecurely for MySQL</li><li>Sensitive Data displayed for wildfly</li><li>Containers Running as root User</li><li>Containers running in the host network</li><li>Exposure of Internal Services</li></ul><br>"}], "value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services"}], "source": {"discovery": "UNKNOWN"}, "title": "Reflected Cross-Site-Scripting in Kiuwan SAST", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "kiuwan", "product": "sast", "cpes": ["cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "master.1808.p685.q13371", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T15:49:11.103182Z", "id": "CVE-2023-49111", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T18:37:08.204Z"}}, {"title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://r.sec-consult.com/kiuwan"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:13:02.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://r.sec-consult.com/kiuwan", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "tags": ["release-notes", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:13:02.645Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-49111", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T15:49:11.103182Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*"], "vendor": "kiuwan", "product": "sast", "versions": [{"status": "affected", "version": "master.1808.p685.q13371"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T15:47:16.353Z"}}], "cna": {"title": "Reflected Cross-Site-Scripting in Kiuwan SAST", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Constantin Schwarz"}, {"lang": "en", "type": "coordinator", "value": "Johannes Greil"}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<master.1808.p685.q13371", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services", "supportingMedia": [{"type": "text/html", "value": "<p>The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\">https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log</a></p><ul><li>XML External Entity Injection =&gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06</li><li>Services Running as Root =&gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15</li><li>Reflected Cross-site-scripting =&gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06</li><li>Insecure Direct Object Reference =&gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06</li><li>Sensitive Data Stored Insecurely =&gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06</li></ul><p><br> The following upgrade guide was provided by the vendor:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\">https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide</a></p><p><br>\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.</p><p>SEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.</p><ul><li>Sensitive Data Stored Insecurely for MySQL</li><li>Sensitive Data displayed for wildfly</li><li>Containers Running as root User</li><li>Containers running in the host network</li><li>Exposure of Internal Services</li></ul><br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/kiuwan", "tags": ["third-party-advisory"]}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371", "supportingMedia": [{"type": "text/html", "value": "<p></p><p>For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.</p><p></p><p>This issue affects Kiuwan SAST: &lt;master.1808.p685.q13371</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-20T12:34:38.170Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49111", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:13:02.645Z", "dateReserved": "2023-11-22T11:08:37.654Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-06-20T12:34:38.170Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"}, {"lang": "es", "value": "Para las instalaciones de Kiuwan con SSO (inicio de sesi\u00f3n \u00fanico) habilitado, se puede realizar un ataque de Cross Site Scripting reflejado no autenticado en la p\u00e1gina de inicio de sesi\u00f3n \"login.html\". Esto es posible debido a que los valores de \"mensaje\" del par\u00e1metro de solicitud se incluyen directamente en un bloque de JavaScript en la respuesta. Esto es especialmente cr\u00edtico en entornos empresariales que utilizan autenticaci\u00f3n AD SSO, por ejemplo, a trav\u00e9s de ADFS, donde los atacantes podr\u00edan potencialmente robar contrase\u00f1as de AD. Este problema afecta a Kiuwan SAST: "}], "id": "CVE-2023-49111", "lastModified": "2025-11-04T18:15:43.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-20T13:15:49.380", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/kiuwan"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Jun/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://r.sec-consult.com/kiuwan"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}