Knime Server
by Knime
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44726 | Hig | 0.57 | 8.8 | 0.01 | Dec 8, 2021 | KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | ||
| CVE-2021-44725 | Hig | 0.49 | 7.5 | 0.02 | Dec 8, 2021 | KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | ||
| CVE-2022-44748 | Hig | 0.46 | 7.1 | 0.01 | Nov 24, 2022 | A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that,… | ||
| CVE-2021-45097 | Low | 0.19 | 2.9 | 0.00 | Dec 16, 2021 | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. |
- risk 0.57cvss 8.8epss 0.01
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.
- risk 0.49cvss 7.5epss 0.02
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.
- risk 0.46cvss 7.1epss 0.01
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that,…
- risk 0.19cvss 2.9epss 0.00
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.