VYPR

Kiuwan SAST

by Kiuwan

CVEs (5)

  • CVE-2023-49113 · High · Jun 20, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local…

  • CVE-2023-49110 · High · Jun 20, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side…

  • CVE-2023-49112 · Medium · Jun 20, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information…

  • CVE-2023-49111 · Medium · Jun 20, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block…

  • CVE-2026-24069 · Medium · Apr 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.