Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-49113

🗓️ 20 Jun 2024 12:39:00Reported by SEC-VLabType 
cve
 cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyze

Related
Affected
Refs
Paths
[
  {
    "defaultStatus": "affected",
    "product": "SAST Local Analyzer",
    "vendor": "Kiuwan",
    "versions": [
      {
        "status": "affected",
        "version": "<master.1808.p685.q13371",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
labelrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
startrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
applicationIdrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
qualityModelIdrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
isDeliveryrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
reportsrequest body/saas/rest/v1/applications/analyses/reportXML External Entity Injection via uploaded analysis report ZIP/XML payload.CWE-312
applicationquery param/saas/rest/v1/info/application?application=APPLICATION_NAMEInsecure Direct Object Reference exposing application information to authenticated users without proper access controls.CWE-312
domainquery param/saas/web/login.html?domain=XSS&message=x'%2Beval('alert(document.location)');//&sso=offReflected Cross-Site Scripting (XSS) on login page due to unsanitized request parameter values.CWE-312
messagequery param/saas/web/login.html?domain=XSS&message=x'%2Beval('alert(document.location)');//&sso=offReflected Cross-Site Scripting (XSS) on login page due to unsanitized request parameter values.CWE-312
ssoquery param/saas/web/login.html?domain=XSS&message=x'%2Beval('alert(document.location)');//&sso=offReflected Cross-Site Scripting (XSS) on login page due to unsanitized request parameter values.CWE-312
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Apr 2026 00:35Current
7.7High risk
Vulners AI Score7.7
CVSS 3.17.8
EPSS0.00031
SSVC
CWE-312
kiuwan sastlocal analyzerhard-coded secretsplain textconfidentialityjar filescredential compromisegithubencryptor keycve-2023-49113
44