XXE in Kiuwan Sast

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML fil…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.001 (29.1th percentile) — read the EPSS interpretation.

Affected products

Kiuwan Sast — versions <master.1808.p685.q13371

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

r.sec-consult.com/kiuwan (third-party-advisory)
www.kiuwan.com/docs/display/K5/[2024-05-30]+Change+Log (release-notes)