Knowage
by Knowagelabs
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13349 | Med | 0.32 | 4.9 | 0.01 | Sep 5, 2019 | In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | ||
| CVE-2021-30057 | Med | 0.31 | 4.8 | 0.01 | Apr 5, 2021 | A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. | ||
| CVE-2025-55007 | Low | 0.23 | 3.5 | 0.00 | Sep 1, 2025 | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response,… | ||
| CVE-2025-58441 | 0.00 | — | 0.00 | Jan 7, 2026 | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the… | |||
| CVE-2025-59954 | Cri | 0.00 | 9.8 | 0.01 | Sep 30, 2025 | Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27. |
- risk 0.32cvss 4.9epss 0.01
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
- risk 0.31cvss 4.8epss 0.01
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
- risk 0.23cvss 3.5epss 0.00
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response,…
- CVE-2025-58441Jan 7, 2026risk 0.00cvss —epss 0.00
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the…
- risk 0.00cvss 9.8epss 0.01
Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.
Page 2 of 2