CVE-2023-49111

Name of the Vulnerable Software and Affected Versions Kiuwan SAST version <master.1808.p685.q13371>

Description The issue allows for an unauthenticated reflected cross-site scripting attack on the login page "login.html" when SSO (single sign-on) is enabled. This is due to the message request parameter values being directly included in a JavaScript block in the response. This is particularly critical in business environments using AD SSO authentication, where attackers could potentially steal AD passwords.

Recommendations For Kiuwan SAST version <master.1808.p685.q13371>, as a temporary workaround, consider restricting access to the "login.html" page or disabling the SSO feature until a patch is available. Avoid using the message parameter in the login page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.