Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-49110

Summary
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
Published At-20 Jun, 2024 | 12:29
Updated At-02 Aug, 2024 | 21:46
Rejected At-
Credits

XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan. This issue affects Kiuwan SAST: <master.1808.p685.q13371

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SEC-VLab
Assigner Org ID:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:20 Jun, 2024 | 12:29
Updated At:02 Aug, 2024 | 21:46
Rejected At:
▼CVE Numbering Authority (CNA)
XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan. This issue affects Kiuwan SAST: <master.1808.p685.q13371

Affected Products
Vendor
Kiuwan
Product
SAST
Default Status
affected
Versions
Affected
  • <master.1808.p685.q13371 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-611CWE-611 Improper Restriction of XML External Entity Reference
Type: CWE
CWE ID: CWE-611
Description: CWE-611 Improper Restriction of XML External Entity Reference
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The vendor provides a patched version master.1808.p685.q13371 which should be installed immediately. See the changelog from the vendor: https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log * XML External Entity Injection => CVE-2023-49110 is SAS-6851 fixed on release 2024-02-06 * Services Running as Root => is SAS-6856 and SAS-6857 fixed on release 2024-05-15 * Reflected Cross-site-scripting => CVE-2023-49111 is SAS-6852 fixed on release 2024-02-06 * Insecure Direct Object Reference => CVE-2023-49112 is SAS-6853 fixed on release 2024-02-06 * Sensitive Data Stored Insecurely => CVE-2023-49113 is SAS-6854, SAS-6855, SAS-6858, and SAS-6859 fixed on release 2024-02-06 The following upgrade guide was provided by the vendor: https://www.kiuwan.com/docs/display/K5/Kiuwan+On-Premises+Distributed+Upgrade+Guide Although initially communicated otherwise during responsible disclosure in 2022-2023 (see timeline above), the vendor confirmed in 2024 that the SaaS/cloud version is affected and will also be patched. The patch date was 2024-02-05, version 2.8.2402.3. SEC Consult also submitted further security issues to Kiuwan, such as Docker-related configuration issues which were also fixed during our responsible disclosure. * Sensitive Data Stored Insecurely for MySQL * Sensitive Data displayed for wildfly * Containers Running as root User * Containers running in the host network * Exposure of Internal Services

Configurations
Workarounds
Exploits
Credits
finder
Constantin Schwarz
coordinator
Johannes Greil
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/kiuwan
third-party-advisory
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
release-notes
Hyperlink: https://r.sec-consult.com/kiuwan
Resource:
third-party-advisory
Hyperlink: https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
Resource:
release-notes
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
kiuwan
Product
sast
CPEs
  • cpe:2.3:a:kiuwan:sast:0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.8.2402.3 (custom)
Vendor
kiuwan
Product
local_analyzer
CPEs
  • cpe:2.3:a:kiuwan:local_analyzer:0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before master.1808.p685.q13371 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/kiuwan
third-party-advisory
x_transferred
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
release-notes
x_transferred
Hyperlink: https://r.sec-consult.com/kiuwan
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
Resource:
release-notes
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:20 Jun, 2024 | 13:15
Updated At:20 Jun, 2024 | 16:07

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML files, it resolves external XML entities, resulting in a XML external entity injection attack. An attacker with privileges to scan source code within the "Code Security" module is able to extract any files of the operating system with the rights of the application server user and is potentially able to gain sensitive files, such as configuration and passwords. Furthermore, this vulnerability also allows an attacker to initiate connections to internal systems, e.g. for port scans or accessing other internal functions / applications such as the Wildfly admin console of Kiuwan. This issue affects Kiuwan SAST: <master.1808.p685.q13371

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-611Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-611
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://r.sec-consult.com/kiuwan551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
Hyperlink: https://r.sec-consult.com/kiuwan
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2024-56322
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.20% / 42.56%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 15:49
Updated-01 Aug, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality

GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused configuration repository (pipelines as code) feature to allow XML External Entity (XXE) injection on the GoCD Server which will be executed when GoCD periodically scans configuration repositories for pipeline updates, or is triggered by an administrator or config repo admin. In practice the impact of this vulnerability is limited, in most cases without combining with another vulnerability, as only GoCD (super) admins have the ability to abuse this vulnerability. Typically a malicious GoCD admin can cause much larger damage than that they can do with XXE injection. The issue is fixed in GoCD 24.5.0. As a workaround, prevent external access from the GoCD server to arbitrary locations using some kind of environment egress control.

Action-Not Available
Vendor-thoughtworksgocd
Product-gocdgocd
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-50442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.62%
||
7 Day CHG+0.04%
Published-28 Oct, 2024 | 11:14
Updated-29 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.

Action-Not Available
Vendor-Royal Elementor Addons
Product-royal_elementor_addonsRoyal Elementor Addons
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-42194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-20 Mar, 2022 | 21:12
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.

Action-Not Available
Vendor-eyoucmsn/a
Product-eyoucmsn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-38584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 60.04%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 22:56
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-3340
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.30%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trellix IPS Manager vulnerable to XXE

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

Action-Not Available
Vendor-Musarubra US LLC (Trellix)
Product-intrusion_prevention_system_managerTrellix IPS Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-11885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.35% / 56.76%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 19:14
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-enterprise_integratorn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-22158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 20:52
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.

Action-Not Available
Vendor-proofpointn/a
Product-insider_threat_managementn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-15352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-6.55% / 90.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 04:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_securepolicy_securepulse_connect_secureconnect_securen/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-12719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.04%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 23:40
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-identity_server_analyticsapi_microgatewayapi_managerenterprise_integratorapi_manager_analyticsidentity_serveridentity_server_as_key_managern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-33208
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 21:52
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

Action-Not Available
Vendor-softwareagn/a
Product-mashzone_nextgenn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
Details not found