Vulnerabilities > ENG > Knowage > 6.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-05 | CVE-2019-13190 | Improper Authentication vulnerability in ENG Knowage 6.1.0/6.1.1 In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. | 5.3 |
| 2019-08-28 | CVE-2019-13348 | Insufficiently Protected Credentials vulnerability in ENG Knowage In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | 8.8 |
| 2019-08-28 | CVE-2019-13189 | Cross-site Scripting vulnerability in ENG Knowage In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | 6.1 |
| 2018-06-13 | CVE-2018-12355 | Cross-site Scripting vulnerability in ENG Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | 6.1 |