VYPR

Knime Server

by Knime

CVEs (4)

  • CVE-2021-44726HigDec 8, 2021
    risk 0.57cvss 8.8epss 0.01

    KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.

  • CVE-2021-44725HigDec 8, 2021
    risk 0.49cvss 7.5epss 0.02

    KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.

  • CVE-2022-44748HigNov 24, 2022
    risk 0.46cvss 7.1epss 0.01

    A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that,…

  • CVE-2021-45097LowDec 16, 2021
    risk 0.19cvss 2.9epss 0.00

    KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.