History: Jun 20, 2024 - 1:15 p.m.

CVE-2023-49112

2024-06-20 13:15:49
551230f0-3615-47bd-b7cc-93e92e730bbf
web.nvd.nist.gov
cve-2023-49112
insecure direct object reference
kiuwan sast
api
access control

AI Score: 6 (Medium), Confidence: High
EPSS: 0.0004 (Low), Percentile: 9.1%

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the “application” parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SAST",
    "vendor": "Kiuwan",
    "versions": [
      {
        "status": "affected",
        "version": "<master.1808.p685.q13371",
        "versionType": "custom"
      }
    ]
  }
]
