VYPR
Medium severity4.3NVD Advisory· Published Jun 7, 2023· Updated Jun 17, 2026

CVE-2023-3140

CVE-2023-3140

Description

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Knime/Business Hubllm-fuzzy2 versions
    <1.4.0+ 1 more
    • (no CPE)range: <1.4.0
    • (no CPE)range: 1.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.