Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

KNIME Security Vulnerabilities

cve
cve

CVE-2023-2541

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was...

5.3CVSS

5.3AI Score

0.001EPSS

2023-06-07 09:15 AM
14
cve
cve

CVE-2022-44748

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can....

7.5CVSS

7.9AI Score

0.002EPSS

2022-11-24 07:15 AM
26
9
cve
cve

CVE-2022-44749

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being...

7CVSS

7.4AI Score

0.002EPSS

2022-11-24 07:15 AM
20
7
cve
cve

CVE-2023-5562

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...

6.1CVSS

6.7AI Score

0.0005EPSS

2023-10-12 08:15 PM
19
cve
cve

CVE-2021-45096

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka...

4.3CVSS

4.5AI Score

0.001EPSS

2021-12-16 05:15 AM
23
cve
cve

CVE-2021-44725

KNIME Server before 4.13.4 allows directory traversal in a request for a client...

7.5CVSS

7.5AI Score

0.002EPSS

2021-12-08 04:15 AM
19
cve
cve

CVE-2021-44726

KNIME Server before 4.13.4 allows XSS via the old WebPortal login...

6.1CVSS

5.9AI Score

0.001EPSS

2021-12-08 04:15 AM
22
cve
cve

CVE-2021-45097

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its...

5.5CVSS

5.3AI Score

0.0004EPSS

2021-12-16 05:15 AM
20
4
cve
cve

CVE-2023-3140

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such...

4.3CVSS

4.7AI Score

0.0005EPSS

2023-06-07 10:15 AM
14
cve
cve

CVE-2022-31500

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem...

7.8CVSS

7.6AI Score

0.0004EPSS

2022-06-02 02:15 PM
32
5