VYPR
Critical severity9.9NVD Advisory· Published Aug 4, 2023· Updated Jun 17, 2026

CVE-2023-38702

CVE-2023-38702

Description

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to /knowageqbeengine/foo.jsp to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the knowageqbeengine directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Knowagelabs/Knowage Serverllm-fuzzy2 versions
    >=6.0.0, <8.1.8+ 1 more
    • (no CPE)range: >=6.0.0, <8.1.8
    • (no CPE)range: >= 6.0.0, < 8.1.8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.