VYPR

KNIME

by Knime

CVEs (2)

  • CVE-2021-45096MedDec 16, 2021
    risk 0.31cvss 4.7epss 0.01

    KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.

  • CVE-2021-45097LowDec 16, 2021
    risk 0.19cvss 2.9epss 0.00

    KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.