
CVE-2023-49113

20 Jun 2024 12:39:00 · Reported by SEC-VLab · Type: cve · web.nvd.nist.gov

Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

Affected
[
  {
    "defaultStatus": "affected",
    "product": "SAST Local Analyzer",
    "vendor": "Kiuwan",
    "versions": [
      {
        "status": "affected",
        "version": "<master.1808.p685.q13371",
        "versionType": "custom"
      }
    ]
  }
]
Paths

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| label | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| start | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| applicationId | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| qualityModelId | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| isDelivery | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| reports | request body | saas/rest/v1/applications/analyses/report | XML External Entity Injection via upload of analysis reports (XXE) during the Kiuwan Local Analyzer report upload | CWE-312 |
| application | query param | saas/rest/v1/info/application?application=APPLICATION_NAME | Insecure Direct Object Reference allowing information about applications to be read by authenticated users | CWE-312 |
| domain | query param | saas/web/login.html?domain=XSS&message=... | Reflected Cross-Site Scripting (XSS) on the login page via the message parameter when SSO is enabled | CWE-312 |
| message | query param | saas/web/login.html?domain=XSS&message=... | Reflected Cross-Site Scripting (XSS) on the login page via the message parameter when SSO is enabled | CWE-312 |
