Kiteworks
Kiteworks Secure Data Forms Hardening Overview
Pages
4
Time to read
7 mins
Publication
Language
English
This solution brief outlines the security improvements made to Kiteworks Secure Data Forms (SDF) in response to two SQL injection vulnerabilities identified in the codebase it shares with 123FormBuilder. The vulnerabilities were assigned a CVSS score of 9.4 (Critical) on 123FormBuilder, while they scored 7.6 (High) on SDF due to the platform's layered hardening measures and single-tenant deployment model. The brief details the discovery process, which involved external security researchers, and emphasizes Kiteworks' commitment to responsible disclosure. It explains the technical aspects of the vulnerabilities, including unrestricted data access and network accessibility, which contributed to the high CVSS score. Additionally, it describes the hardening measures implemented in SDF, such as a secure build process, minimized attack surface, and rearchitected data storage, which collectively enhance security and reduce the risk of data breaches. The document concludes with a comparison of the threat profiles of Critical and High vulnerabilities, emphasizing the practical security improvements achieved through these measures.