Kw-Fscheuer

**Name of the Vulnerable Software and Affected Versions** Kiteworks versions prior to 9.3.0 **Description** An Insecure Direct Object Reference (IDOR) issue in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with internal approval flow configurations of forms belonging to other users. This occurs because of insufficient authorization checks on resource ownership. **Recommendations** Upgrade to version 9.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Kiteworks versions prior to 9.3.0 **Description** Kiteworks is a private data network (PDN). An Insecure Direct Object Reference (IDOR)—a flaw where an application provides direct access to objects based on user-supplied input—exists in Kiteworks Secure Data Forms. This allows an authenticated user to modify resources belonging to other users because of insufficient authorization checks on resource ownership. **Recommendations** Upgrade to version 9.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Kiteworks versions prior to 9.2.0 **Description** Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact with the affected user interface. **Recommendations** Update to version 9.2.0 or later.