Analytics Platform
by Knime
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5562 | 0.00 | — | 0.00 | Oct 12, 2023 | An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that… | |||
| CVE-2022-44749 | 0.00 | — | 0.00 | Nov 24, 2022 | A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME… | |||
| CVE-2022-31500 | 0.00 | — | 0.00 | May 31, 2022 | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||
| CVE-2021-45096 | 0.00 | — | 0.01 | Dec 16, 2021 | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | |||
| CVE-2019-11628 | 0.00 | — | 0.01 | May 1, 2019 | An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,… |
- CVE-2023-5562Oct 12, 2023risk 0.00cvss —epss 0.00
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that…
- CVE-2022-44749Nov 24, 2022risk 0.00cvss —epss 0.00
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME…
- CVE-2022-31500May 31, 2022risk 0.00cvss —epss 0.00
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
- CVE-2021-45096Dec 16, 2021risk 0.00cvss —epss 0.01
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
- CVE-2019-11628May 1, 2019risk 0.00cvss —epss 0.01
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,…