CVE-2023-49111 (GCVE-0-2023-49111)
Vulnerability from cvelistv5
Published
2024-06-20 12:34
Modified
2025-11-04 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross-site scripting attack can be performed
on the login page "login.html". This is possible due to the request parameter "message" values
being directly included in a JavaScript block in the response. This is
especially critical in business environments using AD SSO
authentication, e.g. via ADFS, where attackers could potentially steal
AD passwords.
This issue affects Kiuwan SAST: <master.1808.p685.q13371
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sast",
"vendor": "kiuwan",
"versions": [
{
"status": "affected",
"version": "master.1808.p685.q13371"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49111",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T15:49:11.103182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T18:37:08.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:13:02.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/kiuwan"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jun/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SAST",
"vendor": "Kiuwan",
"versions": [
{
"status": "affected",
"version": "\u003cmaster.1808.p685.q13371",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schwarz"
},
{
"lang": "en",
"type": "coordinator",
"value": "Johannes Greil"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eFor Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e"
}
],
"value": "For Kiuwan installations with SSO (single sign-on) enabled, an \nunauthenticated reflected cross-site scripting attack can be performed \non the login page \"login.html\". This is possible due to the request parameter \"message\" values\n being directly included in a JavaScript block in the response. This is \nespecially critical in business environments using AD SSO \nauthentication, e.g. via ADFS, where attackers could potentially steal \nAD passwords.\n\n\n\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T12:34:38.170Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/kiuwan"
},
{
"tags": [
"release-notes"
],
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n * XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n * Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n * Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n * Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n * Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n * Sensitive Data Stored Insecurely for MySQL\n * Sensitive Data displayed for wildfly\n * Containers Running as root User\n * Containers running in the host network\n * Exposure of Internal Services"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site-Scripting in Kiuwan SAST",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2023-49111",
"datePublished": "2024-06-20T12:34:38.170Z",
"dateReserved": "2023-11-22T11:08:37.654Z",
"dateUpdated": "2025-11-04T17:13:02.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49111\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2024-06-20T13:15:49.380\",\"lastModified\":\"2025-11-04T18:15:43.390\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For Kiuwan installations with SSO (single sign-on) enabled, an \\nunauthenticated reflected cross-site scripting attack can be performed \\non the login page \\\"login.html\\\". This is possible due to the request parameter \\\"message\\\" values\\n being directly included in a JavaScript block in the response. This is \\nespecially critical in business environments using AD SSO \\nauthentication, e.g. via ADFS, where attackers could potentially steal \\nAD passwords.\\n\\n\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\"},{\"lang\":\"es\",\"value\":\"Para las instalaciones de Kiuwan con SSO (inicio de sesi\u00f3n \u00fanico) habilitado, se puede realizar un ataque de Cross Site Scripting reflejado no autenticado en la p\u00e1gina de inicio de sesi\u00f3n \\\"login.html\\\". Esto es posible debido a que los valores de \\\"mensaje\\\" del par\u00e1metro de solicitud se incluyen directamente en un bloque de JavaScript en la respuesta. Esto es especialmente cr\u00edtico en entornos empresariales que utilizan autenticaci\u00f3n AD SSO, por ejemplo, a trav\u00e9s de ADFS, donde los atacantes podr\u00edan potencialmente robar contrase\u00f1as de AD. Este problema afecta a Kiuwan SAST: \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jun/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jun/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:13:02.645Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49111\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-01T15:49:11.103182Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*\"], \"vendor\": \"kiuwan\", \"product\": \"sast\", \"versions\": [{\"status\": \"affected\", \"version\": \"master.1808.p685.q13371\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-01T15:47:16.353Z\"}}], \"cna\": {\"title\": \"Reflected Cross-Site-Scripting in Kiuwan SAST\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Constantin Schwarz\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Johannes Greil\"}], \"impacts\": [{\"capecId\": \"CAPEC-593\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-593 Session Hijacking\"}]}], \"affected\": [{\"vendor\": \"Kiuwan\", \"product\": \"SAST\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003cmaster.1808.p685.q13371\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\\n\\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \\n\\n * XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\\n * Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\\n * Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\\n * Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\\n * Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\\n\\n\\n\\n The following upgrade guide was provided by the vendor:\\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \\n\\n\\n\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\\n\\nSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\\n\\n * Sensitive Data Stored Insecurely for MySQL\\n * Sensitive Data displayed for wildfly\\n * Containers Running as root User\\n * Containers running in the host network\\n * Exposure of Internal Services\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"For Kiuwan installations with SSO (single sign-on) enabled, an \\nunauthenticated reflected cross-site scripting attack can be performed \\non the login page \\\"login.html\\\". This is possible due to the request parameter \\\"message\\\" values\\n being directly included in a JavaScript block in the response. This is \\nespecially critical in business environments using AD SSO \\nauthentication, e.g. via ADFS, where attackers could potentially steal \\nAD passwords.\\n\\n\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eFor Kiuwan installations with SSO (single sign-on) enabled, an \\nunauthenticated reflected cross-site scripting attack can be performed \\non the login page \\\"login.html\\\". This is possible due to the request parameter \\\"message\\\" values\\n being directly included in a JavaScript block in the response. This is \\nespecially critical in business environments using AD SSO \\nauthentication, e.g. via ADFS, where attackers could potentially steal \\nAD passwords.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2024-06-20T12:34:38.170Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-49111\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:13:02.645Z\", \"dateReserved\": \"2023-11-22T11:08:37.654Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2024-06-20T12:34:38.170Z\", \"assignerShortName\": \"SEC-VLab\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…