CVE-2023-49110
📋 TL;DR
This XXE vulnerability in Kiuwan SAST allows authenticated attackers to read arbitrary files from the server and perform internal network reconnaissance. It affects Kiuwan SAST versions before master.1808.p685.q13371 when processing uploaded scan results.
💻 Affected Systems
- Kiuwan SAST
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via sensitive file extraction (passwords, configs) and internal network access leading to lateral movement.
Likely Case
Unauthorized file access to server configuration files and credentials stored on the Kiuwan server.
If Mitigated
Limited impact if proper network segmentation and file permissions restrict server access.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. Public disclosure includes technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: master.1808.p685.q13371 or later
Vendor Advisory: https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
Restart Required: Yes
Instructions:
1. Update Kiuwan SAST to version master.1808.p685.q13371 or later.
2. Restart the Kiuwan application server.
3. Verify that XML external entity processing is disabled.
🔧 Temporary Workarounds
Disable XXE Processing
Configure the application server to disable external entity resolution in XML parsers.
Configure XML parsers to set FEATURE_SECURE_PROCESSING=true and disable external entities.
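The workaround above in code, as an added example that is not Kiuwan's own code: a JAXP DocumentBuilder hardened with FEATURE_SECURE_PROCESSING and the Xerces DTD/entity features switched off, checked against a constructed scan-result upload that carries an external entity. The class name, the sample XML and the accepts() helper are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public final class HardenedXmlParser {

    // Builds a DocumentBuilder with FEATURE_SECURE_PROCESSING enabled and
    // every DTD / external-entity feature disabled (standard Xerces feature URIs).
    public static DocumentBuilder newSecureBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE outright: without a DTD there are no entity declarations.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case an implementation does not honour the DOCTYPE ban.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Returns true when the upload parses, false when the hardened parser rejects it.
    public static boolean accepts(String xml) throws ParserConfigurationException, IOException {
        try {
            Document doc = newSecureBuilder().parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement() != null;
        } catch (SAXException e) {
            return false; // DOCTYPE or entity declaration refused by the parser
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample (assumption): a scan-result upload declaring an external entity.
        String xxe = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE results [<!ENTITY ext SYSTEM \"file:///etc/hostname\">]>\n"
            + "<results><finding>&ext;</finding></results>";
        String clean = "<results><finding>ok</finding></results>";
        System.out.println("XXE sample accepted: " + accepts(xxe));
        System.out.println("Clean sample accepted: " + accepts(clean));
    }
}
```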
Restrict File Access
Limit application server user permissions to only the necessary directories.
chmod 750 /path/to/kiuwan/config
chown kiuwan:kiuwan /path/to/kiuwan
🧯 If You Can't Patch
- Implement strict access controls to the Code Security module and monitor for unusual scan activity.
- Segment the Kiuwan server network to prevent internal reconnaissance and limit file system access.
🔍 How to Verify
Check if Vulnerable:
Check Kiuwan SAST version in admin interface or configuration files. Versions before master.1808.p685.q13371 are vulnerable.
Check Version:
Check Kiuwan web interface Admin > System Information or examine server configuration files.
Verify Fix Applied:
Verify version is master.1808.p685.q13371 or later and test XML upload functionality with XXE payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusual XML file uploads in Kiuwan logs
- File access attempts to sensitive paths from Kiuwan process
Network Indicators:
- Outbound connections from Kiuwan server to internal systems not normally accessed
SIEM Query:
source="kiuwan" AND (event="file_upload" OR event="xml_processing") AND size>1000000