
21 matches found

RedhatCVE
added 2026/06/05 7:46 p.m. · 11 views

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...

CVSS 5.4 · AI score 5.5 · EPSS 0.00189
Exploits: 1 · References: 1
Packet Storm
added 2026/04/15 12:00 a.m. · 111 views

Kiuwan SAST 2.8.2412.0 Improper Enforcement

It was found out that a user is still able to login at the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4. SEC Consult Vulnerability Lab Security Advisory...

CVSS 5.4 · AI score 5.7 · EPSS 0.00189
Exploits: 1
NVD
added 2026/04/14 12:16 p.m. · 3 views

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...

CVSS 5.4 · EPSS 0.00189
Exploits: 1 · References: 2
Vulnrichment
added 2026/04/14 11:26 a.m. · 2 views

CVE-2026-24069 Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...

AI score 5.8 · EPSS 0.00189
Exploits: 1 · References: 1
CNNVD
added 2026/04/14 12:00 a.m. · 6 views

Kiuwan SAST Security Vulnerability

Kiuwan SAST is an application code static security analysis platform developed by Kiuwan Corporation. Versions of Kiuwan SAST prior to version 2.8.2509.4 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization for SSO login for locally disabled mapped user...

CVSS 5.4 · AI score 5.9 · EPSS 0.00189
Exploits: 1 · References: 2
NVD
added 2024/06/20 1:15 p.m. · 27 views

CVE-2023-49113

The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

CVSS 7.8 · EPSS 0.00178
Exploits: 1 · References: 3
Vulnrichment
added 2024/06/20 12:39 p.m. · 14 views

CVE-2023-49113 Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

AI score 7 · EPSS 0.00178
Exploits: 1 · References: 2
CVE
added 2024/06/20 12:39 p.m. · 54 views

CVE-2023-49113

The CVE-2023-49113 issue concerns Kiuwan SAST and Kiuwan Local Analyzer (KLA). The vulnerability is a data leakage risk caused by hard-coded secrets found in JARs: InsightServicesConfig.properties contains insight.github.user and insight.github.password, and Encryptor.properties includes the encr...

CVSS 7.8 · AI score 7.7 · EPSS 0.00178
Exploits: 1 · References: 3
Cvelist
added 2024/06/20 12:39 p.m. · 31 views

CVE-2023-49113 Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

EPSS 0.00178
Exploits: 1 · References: 2
Cvelist
added 2024/06/20 12:36 p.m. · 28 views

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...

EPSS 0.00517
Exploits: 1 · References: 2
Vulnrichment
added 2024/06/20 12:36 p.m. · 11 views

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...

AI score 6.5 · EPSS 0.00517
Exploits: 1 · References: 2
CVE
added 2024/06/20 12:36 p.m. · 77 views

CVE-2023-49112

Kiuwan SAST is affected by CVE-2023-49112 due to an insecure API endpoint: /saas/rest/v1/info/application, which accepts only the application name and returns information about any application. The root cause is missing access control, allowing other authenticated users to read application data w...

CVSS 6.5 · AI score 6.2 · EPSS 0.00517
Exploits: 1 · References: 3
Cvelist
added 2024/06/20 12:34 p.m. · 41 views

CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST

For Kiuwan installations with SSO single sign-on enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...

EPSS 0.00646
Exploits: 1 · References: 2
Vulnrichment
added 2024/06/20 12:34 p.m. · 24 views

CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST

For Kiuwan installations with SSO single sign-on enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...

AI score 6.2 · EPSS 0.00646
Exploits: 1 · References: 2
CVE
added 2024/06/20 12:34 p.m. · 63 views

CVE-2023-49111

CVE-2023-49111 describes an unauthenticated reflected cross-site scripting vulnerability in Kiuwan SAST deployments with SSO enabled. The issue arises because the login page’s JavaScript block directly includes the request parameter “message,” enabling an attacker to inject script via the paramet...

CVSS 6.5 · AI score 6.2 · EPSS 0.00646
Exploits: 1 · References: 3
Vulnrichment
added 2024/06/20 12:29 p.m. · 13 views

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

AI score 7.5 · EPSS 0.0082
Exploits: 1 · References: 2
Cvelist
added 2024/06/20 12:29 p.m. · 39 views

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

EPSS 0.0082
Exploits: 1 · References: 2
CVE
added 2024/06/20 12:29 p.m. · 57 views

CVE-2023-49110

CVE-2023-49110 describes an XML External Entity (XXE) injection in Kiuwan SAST when the Kiuwan Local Analyzer uploads scan results. The issue arises during server-side processing of XML files in a ZIP payload, where external XML entities are resolved. A privileged attacker who can scan source cod...

CVSS 7.2 · AI score 7.5 · EPSS 0.0082
Exploits: 1 · References: 3
Positive Technologies
added 2024/06/20 12:00 a.m. · 7 views

PT-2024-13676 · Unknown · Kiuwan Local Analyzer +1

Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version master.1808.p685.q13371
Description: The issue arises when the Kiuwan Local Analyzer uploads scan results to the Kiuwan SAST web application, which processes XML files containing external entities. This leads to an XML...

CVSS 7.2 · AI score 7.3 · EPSS 0.0082
Exploits: 1 · References: 4
CNNVD
added 2024/06/10 12:00 a.m. · 5 views

Kiuwan SAST Cross-Site Scripting Vulnerability

Kiuwan is a powerful end-to-end application security platform. A cross-site scripting vulnerability exists in Kiuwan SAST versions prior to 2.8.2402.3, which stems from an unauthenticated reflected cross-site scripting (XSS) attack that can be executed on the login page...

CVSS 6.5 · AI score 5.4 · EPSS 0.00517
Exploits: 1 · References: 4