CVE-2023-49112 (GCVE-0-2023-49112)
Vulnerability from cvelistv5
Published
2024-06-20 12:36
Modified
2025-11-04 17:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so. This issue affects Kiuwan SAST: <master.1808.p685.q13371
References
Impacted products
Vendor Product Version
Kiuwan SAST Version: <master.1808.p685.q13371   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "sast",
            "vendor": "kiuwan",
            "versions": [
              {
                "status": "affected",
                "version": "master.1808.p685.q13371"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-49112",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T19:07:32.893224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-639",
                "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T19:14:56.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:13:04.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://r.sec-consult.com/kiuwan"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Jun/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SAST",
          "vendor": "Kiuwan",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cmaster.1808.p685.q13371",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Constantin Schwarz"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Johannes Greil"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eKiuwan provides an API endpoint\u003c/p\u003e\u003cpre\u003e\u003ccode\u003e/saas/rest/v1/info/application\u003c/code\u003e\u003c/pre\u003eto get information about any \napplication, providing only its name via the \"application\" parameter. This endpoint lacks proper access \ncontrol mechanisms, allowing other authenticated users to read \ninformation about applications, even though they have not been granted \nthe necessary rights to do so.\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e"
            }
          ],
          "value": "Kiuwan provides an API endpoint\n\n/saas/rest/v1/info/application\n\nto get information about any \napplication, providing only its name via the \"application\" parameter. This endpoint lacks proper access \ncontrol mechanisms, allowing other authenticated users to read \ninformation about applications, even though they have not been granted \nthe necessary rights to do so.\n\n\n\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-20T12:36:18.575Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/kiuwan"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides a patched version master.1808.p685.q13371 which \nshould be installed immediately. See the changelog from the vendor:\n\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \n\n  *  XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\n  *  Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\n  *  Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\n  *  Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\n  *  Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\n\n\n\n The following upgrade guide was provided by the vendor:\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \n\n\n\n Although initially communicated otherwise during responsible disclosure\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \nthe SaaS/cloud version is affected and will also be patched. The patch \ndate was 2024-02-05, version 2.8.2402.3.\n\nSEC Consult also \nsubmitted further security issues to Kiuwan, such as Docker-related \nconfiguration issues which were also fixed during our responsible \ndisclosure.\n\n  *  Sensitive Data Stored Insecurely for MySQL\n  *  Sensitive Data displayed for wildfly\n  *  Containers Running as root User\n  *  Containers running in the host network\n  *  Exposure of Internal Services"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference in Kiuwan SAST",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2023-49112",
    "datePublished": "2024-06-20T12:36:18.575Z",
    "dateReserved": "2023-11-22T11:08:37.654Z",
    "dateUpdated": "2025-11-04T17:13:04.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-49112\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2024-06-20T13:15:49.480\",\"lastModified\":\"2025-11-04T18:15:43.530\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kiuwan provides an API endpoint\\n\\n/saas/rest/v1/info/application\\n\\nto get information about any \\napplication, providing only its name via the \\\"application\\\" parameter. This endpoint lacks proper access \\ncontrol mechanisms, allowing other authenticated users to read \\ninformation about applications, even though they have not been granted \\nthe necessary rights to do so.\\n\\n\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\"},{\"lang\":\"es\",\"value\":\"Kiuwan proporciona un endpoint API /saas/rest/v1/info/application para obtener informaci\u00f3n sobre cualquier aplicaci\u00f3n, proporcionando solo su nombre a trav\u00e9s del par\u00e1metro \\\"application\\\". Este endpoint carece de mecanismos de control de acceso adecuados, lo que permite a otros usuarios autenticados leer informaci\u00f3n sobre las aplicaciones, aunque no se les hayan otorgado los derechos necesarios para hacerlo. Este problema afecta a Kiuwan SAST: \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"references\":[{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jun/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://r.sec-consult.com/kiuwan\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jun/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:13:04.026Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49112\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-27T19:07:32.893224Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*\"], \"vendor\": \"kiuwan\", \"product\": \"sast\", \"versions\": [{\"status\": \"affected\", \"version\": \"master.1808.p685.q13371\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-28T19:09:38.468Z\"}}], \"cna\": {\"title\": \"Insecure Direct Object Reference in Kiuwan SAST\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Constantin Schwarz\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Johannes Greil\"}], \"affected\": [{\"vendor\": \"Kiuwan\", \"product\": \"SAST\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003cmaster.1808.p685.q13371\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\\n\\n https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log \\n\\n  *  XML External Entity Injection =\u003e CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\\n  *  Services Running as Root =\u003e is SAS-6856 and SAS-6857 fixed on release 2024-05-15\\n  *  Reflected Cross-site-scripting =\u003e CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\\n  *  Insecure Direct Object Reference =\u003e CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\\n  *  Sensitive Data Stored Insecurely =\u003e CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\\n\\n\\n\\n The following upgrade guide was provided by the vendor:\\n https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide \\n\\n\\n\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\\n\\nSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\\n\\n  *  Sensitive Data Stored Insecurely for MySQL\\n  *  Sensitive Data displayed for wildfly\\n  *  Containers Running as root User\\n  *  Containers running in the host network\\n  *  Exposure of Internal Services\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe vendor provides a patched version master.1808.p685.q13371 which \\nshould be installed immediately. See the changelog from the vendor:\u003c/p\u003e\u003cp\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eXML External Entity Injection =\u0026gt; CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eServices Running as Root =\u0026gt; is SAS-6856 and SAS-6857 fixed on release 2024-05-15\u003c/li\u003e\u003cli\u003eReflected Cross-site-scripting =\u0026gt; CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eInsecure Direct Object Reference =\u0026gt; CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06\u003c/li\u003e\u003cli\u003eSensitive Data Stored Insecurely =\u0026gt; CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e The following upgrade guide was provided by the vendor:\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\\\"\u003ehttps://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\\n Although initially communicated otherwise during responsible disclosure\\n in 2022-2023 (see timeline above), the vendor confirmed in 2024 that \\nthe SaaS/cloud version is affected and will also be patched. The patch \\ndate was 2024-02-05, version 2.8.2402.3.\u003c/p\u003e\u003cp\u003eSEC Consult also \\nsubmitted further security issues to Kiuwan, such as Docker-related \\nconfiguration issues which were also fixed during our responsible \\ndisclosure.\u003c/p\u003e\u003cul\u003e\u003cli\u003eSensitive Data Stored Insecurely for MySQL\u003c/li\u003e\u003cli\u003eSensitive Data displayed for wildfly\u003c/li\u003e\u003cli\u003eContainers Running as root User\u003c/li\u003e\u003cli\u003eContainers running in the host network\u003c/li\u003e\u003cli\u003eExposure of Internal Services\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/kiuwan\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kiuwan provides an API endpoint\\n\\n/saas/rest/v1/info/application\\n\\nto get information about any \\napplication, providing only its name via the \\\"application\\\" parameter. This endpoint lacks proper access \\ncontrol mechanisms, allowing other authenticated users to read \\ninformation about applications, even though they have not been granted \\nthe necessary rights to do so.\\n\\n\\n\\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eKiuwan provides an API endpoint\u003c/p\u003e\u003cpre\u003e\u003ccode\u003e/saas/rest/v1/info/application\u003c/code\u003e\u003c/pre\u003eto get information about any \\napplication, providing only its name via the \\\"application\\\" parameter. This endpoint lacks proper access \\ncontrol mechanisms, allowing other authenticated users to read \\ninformation about applications, even though they have not been granted \\nthe necessary rights to do so.\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiuwan SAST: \u0026lt;master.1808.p685.q13371\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2024-06-20T12:36:18.575Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-49112\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:13:04.026Z\", \"dateReserved\": \"2023-11-22T11:08:37.654Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2024-06-20T12:36:18.575Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.