{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:16:17.441","vulnerabilities":[{"cve":{"id":"CVE-2023-49112","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2024-06-20T13:15:49.480","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiuwan provides an API endpoint\n\n/saas/rest/v1/info/application\n\nto get information about any \napplication, providing only its name via the \"application\" parameter. This endpoint lacks proper access \ncontrol mechanisms, allowing other authenticated users to read \ninformation about applications, even though they have not been granted \nthe necessary rights to do so.\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"},{"lang":"es","value":"Kiuwan proporciona un endpoint API /saas/rest/v1/info/application para obtener información sobre cualquier aplicación, proporcionando solo su nombre a través del parámetro \"application\". Este endpoint carece de mecanismos de control de acceso adecuados, lo que permite a otros usuarios autenticados leer información sobre las aplicaciones, aunque no se les hayan otorgado los derechos necesarios para hacerlo. Este problema afecta a Kiuwan SAST: "}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://r.sec-consult.com/kiuwan","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2024/Jun/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://r.sec-consult.com/kiuwan","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}