CVE-2026-24069
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...
Kiuwan SAST 2.8.2412.0 Improper Enforcement
It was found that a user is still able to log in to the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4. SEC Consult Vulnerability Lab Security Advisory...
CVE-2026-24069 Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...
Kiuwan SAST Security Vulnerability
Kiuwan SAST is an application code static security analysis platform developed by Kiuwan Corporation. Versions of Kiuwan SAST prior to version 2.8.2509.4 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization for SSO login for locally disabled mapped user...
CVE-2023-49113
The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...
CVE-2023-49113 Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer
The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...
CVE-2023-49113
The CVE-2023-49113 issue concerns Kiuwan SAST and Kiuwan Local Analyzer (KLA). The vulnerability is a data leakage risk caused by hard-coded secrets found in JARs: InsightServicesConfig.properties contains insight.github.user and insight.github.password, and Encryptor.properties includes the encr...
CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...
CVE-2023-49112
Kiuwan SAST is affected by CVE-2023-49112 due to an insecure API endpoint: /saas/rest/v1/info/application, which accepts only the application name and returns information about any application. The root cause is missing access control, allowing other authenticated users to read application data w...
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
For Kiuwan installations with SSO single sign-on enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...
CVE-2023-49111
CVE-2023-49111 describes an unauthenticated reflected cross-site scripting vulnerability in Kiuwan SAST deployments with SSO enabled. The issue arises because the login page's JavaScript block directly includes the request parameter "message", enabling an attacker to inject script via the paramet...
CVE-2023-49110 XML External Entity Injection in Kiuwan SAST
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...
CVE-2023-49110
CVE-2023-49110 describes an XML External Entity (XXE) injection in Kiuwan SAST when the Kiuwan Local Analyzer uploads scan results. The issue arises during server-side processing of XML files in a ZIP payload, where external XML entities are resolved. A privileged attacker who can scan source cod...
PT-2024-13676 · Unknown · Kiuwan Local Analyzer +1
Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version master.1808.p685.q13371
Description: The issue arises when the Kiuwan Local Analyzer uploads scan results to the Kiuwan SAST web application, which processes XML files containing external entities. This leads to an XML...
Kiuwan SAST Cross-Site Scripting Vulnerability
Kiuwan is an end-to-end application security platform. A cross-site scripting vulnerability exists in Kiuwan SAST versions prior to 2.8.2402.3, which stems from an unauthenticated reflected cross-site scripting (XSS) attack that can be executed on the login page...