CVE-2023-49110 (GCVE-0-2023-49110)
Vulnerability from cvelistv5
Published
2024-06-20 12:29
Modified
2025-11-04 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web
application (either on-premises or cloud/SaaS solution), the transmitted data
consists of a ZIP archive containing several files, some of them in the
XML file format. During Kiuwan's server-side processing of these XML
files, it resolves external XML entities, resulting in a XML external
entity injection attack. An attacker with privileges to scan
source code within the "Code Security" module is able to extract any
files of the operating system with the rights of the application server
user and is potentially able to gain sensitive files, such as
configuration and passwords. Furthermore, this vulnerability also allows
an attacker to initiate connections to internal systems, e.g. for port
scans or accessing other internal functions / applications such as the
Wildfly admin console of Kiuwan.
This issue affects Kiuwan SAST: <master.1808.p685.q13371
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiuwan:sast:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sast",
"vendor": "kiuwan",
"versions": [
{
"lessThan": "2.8.2402.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kiuwan:local_analyzer:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "local_analyzer",
"vendor": "kiuwan",
"versions": [
{
"lessThan": "master.1808.p685.q13371",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49110",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:39:20.547403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:42:58.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:13:01.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/kiuwan"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jun/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SAST",
"vendor": "Kiuwan",
"versions": [
{
"status": "affected",
"version": "\u003cmaster.1808.p685.q13371",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schwarz"
},
{
"lang": "en",
"type": "coordinator",
"value": "Johannes Greil"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \napplication (either on-premises or cloud/SaaS solution), the transmitted data \nconsists of a ZIP archive containing several files, some of them in the \nXML file format. During Kiuwan\u0027s server-side processing of these XML \nfiles, it resolves external XML entities, resulting in a XML external \nentity injection attack.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAn attacker with privileges to scan \nsource code within the \"Code Security\" module is able to extract any \nfiles of the operating system with the rights of the application server \nuser and is potentially able to gain sensitive files, such as \nconfiguration and passwords. Furthermore, this vulnerability also allows\n an attacker to initiate connections to internal systems, e.g. for port \nscans or accessing other internal functions / applications such as the \nWildfly admin console of Kiuwan.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e"
}
],
"value": "When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \napplication (either on-premises or cloud/SaaS solution), the transmitted data \nconsists of a ZIP archive containing several files, some of them in the \nXML file format. During Kiuwan\u0027s server-side processing of these XML \nfiles, it resolves external XML entities, resulting in a XML external \nentity injection attack.\u00a0An attacker with privileges to scan \nsource code within the \"Code Security\" module is able to extract any \nfiles of the operating system with the rights of the application server \nuser and is potentially able to gain sensitive files, such as \nconfiguration and passwords. Furthermore, this vulnerability also allows\n an attacker to initiate connections to internal systems, e.g. for port \nscans or accessing other internal functions / applications such as the \nWildfly admin console of Kiuwan.\n\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T12:29:34.997Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/kiuwan"
},
{
"tags": [
"release-notes"
],
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity Injection in Kiuwan SAST",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2023-49110",
"datePublished": "2024-06-20T12:29:34.997Z",
"dateReserved": "2023-11-22T11:08:37.654Z",
"dateUpdated": "2025-11-04T17:13:01.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49110\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2024-06-20T13:15:49.250\",\"lastModified\":\"2025-11-04T18:15:43.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \\napplication (either on-premises or cloud/SaaS solution), the transmitted data \\nconsists of a ZIP archive containing several files, some of them in the \\nXML file format. During Kiuwan\u0027s server-side processing of these XML \\nfiles, it resolves external XML entities, resulting in a XML external \\nentity injection attack.\u00a0An attacker with privileges to scan \\nsource code within the \\\"Code Security\\\" module is able to extract any \\nfiles of the operating system with the rights of the application server \\nuser and is potentially able to gain sensitive files, such as \\nconfiguration and passwords. Furthermore, this vulnerability also allows\\n an attacker to initiate connections to internal systems, e.g. for port \\nscans or accessing other internal functions / applications such as the \\nWildfly admin console of Kiuwan.\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\"},{\"lang\":\"es\",\"value\":\"Cuando Kiuwan Local Analyzer carga los resultados del escaneo en la aplicaci\u00f3n web Kiuwan SAST (ya sea local o en la nube/soluci\u00f3n SaaS), los datos transmitidos constan de un archivo ZIP que contiene varios archivos, algunos de ellos en formato de archivo XML. Durante el procesamiento del lado del servidor de estos archivos XML por parte de Kiuwan, resuelve entidades XML externas, lo que resulta en un ataque de inyecci\u00f3n de entidades externas XML. Un atacante con privilegios para escanear el c\u00f3digo fuente dentro del m\u00f3dulo \\\"C\u00f3digo de seguridad\\\" puede extraer cualquier archivo del sistema operativo con los derechos del usuario del servidor de aplicaciones y potencialmente puede obtener archivos confidenciales, como configuraci\u00f3n y contrase\u00f1as. Adem\u00e1s, esta vulnerabilidad tambi\u00e9n permite a un atacante iniciar conexiones a sistemas internos, por ejemplo, para escanear puertos o acceder a otras funciones/aplicaciones internas, como la consola de administraci\u00f3n Wildfly de Kiuwan. Este problema afecta a Kiuwan SAST: \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"references\":[{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jun/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jun/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:13:01.132Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49110\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-20T15:39:20.547403Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:kiuwan:sast:0:*:*:*:*:*:*:*\"], \"vendor\": \"kiuwan\", \"product\": \"sast\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.8.2402.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:kiuwan:local_analyzer:0:*:*:*:*:*:*:*\"], \"vendor\": \"kiuwan\", \"product\": \"local_analyzer\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"master.1808.p685.q13371\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T15:38:23.986Z\"}}], \"cna\": {\"title\": \"XML External Entity Injection in Kiuwan SAST\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Constantin Schwarz\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Johannes Greil\"}], \"affected\": [{\"vendor\": \"Kiuwan\", \"product\": \"SAST\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003cmaster.1808.p685.q13371\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\\n\\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \\n\\n * XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\\n * Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\\n * Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\\n * Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\\n * Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\\n\\n\\n\\n The following upgrade guide was provided by the vendor:\\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \\n\\n\\n\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\\n\\nSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\\n\\n * Sensitive Data Stored Insecurely for MySQL\\n * Sensitive Data displayed for wildfly\\n * Containers Running as root User\\n * Containers running in the host network\\n * Exposure of Internal Services\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \\napplication (either on-premises or cloud/SaaS solution), the transmitted data \\nconsists of a ZIP archive containing several files, some of them in the \\nXML file format. During Kiuwan\u0027s server-side processing of these XML \\nfiles, it resolves external XML entities, resulting in a XML external \\nentity injection attack.\\u00a0An attacker with privileges to scan \\nsource code within the \\\"Code Security\\\" module is able to extract any \\nfiles of the operating system with the rights of the application server \\nuser and is potentially able to gain sensitive files, such as \\nconfiguration and passwords. Furthermore, this vulnerability also allows\\n an attacker to initiate connections to internal systems, e.g. for port \\nscans or accessing other internal functions / applications such as the \\nWildfly admin console of Kiuwan.\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eWhen the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web \\napplication (either on-premises or cloud/SaaS solution), the transmitted data \\nconsists of a ZIP archive containing several files, some of them in the \\nXML file format. During Kiuwan\u0027s server-side processing of these XML \\nfiles, it resolves external XML entities, resulting in a XML external \\nentity injection attack.\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eAn attacker with privileges to scan \\nsource code within the \\\"Code Security\\\" module is able to extract any \\nfiles of the operating system with the rights of the application server \\nuser and is potentially able to gain sensitive files, such as \\nconfiguration and passwords. Furthermore, this vulnerability also allows\\n an attacker to initiate connections to internal systems, e.g. for port \\nscans or accessing other internal functions / applications such as the \\nWildfly admin console of Kiuwan.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2024-06-20T12:29:34.997Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-49110\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:13:01.132Z\", \"dateReserved\": \"2023-11-22T11:08:37.654Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2024-06-20T12:29:34.997Z\", \"assignerShortName\": \"SEC-VLab\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…