Vulnerabilities > ENG > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-14 | CVE-2023-37472 | SQL Injection vulnerability in ENG Knowage Knowage is an open source suite for business analytics. | 6.5 |
| 2023-07-03 | CVE-2023-36819 | Path Traversal vulnerability in ENG Knowage Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. | 6.5 |
| 2023-06-23 | CVE-2023-35154 | Improper Authentication vulnerability in ENG Knowage Knowage is an open source analytics and business intelligence suite. | 6.5 |
| 2022-10-13 | CVE-2022-39295 | Cross-site Scripting vulnerability in ENG Knowage Knowage is an open source suite for modern business analytics alternative over big data systems. | 6.1 |
| 2021-05-12 | CVE-2021-30213 | Cross-site Scripting vulnerability in ENG Knowage 7.3.0 Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). | 4.3 |
| 2021-04-05 | CVE-2021-30058 | Cross-site Scripting vulnerability in ENG Knowage Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). | 4.3 |
| 2021-04-05 | CVE-2021-30055 | SQL Injection vulnerability in ENG Knowage A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. | 6.5 |
| 2019-11-22 | CVE-2013-6234 | Unrestricted Upload of File with Dangerous Type vulnerability in ENG Spagobi 4.0 Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | 6.0 |
| 2019-09-05 | CVE-2019-13188 | Improper Authentication vulnerability in ENG Knowage In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | 5.0 |
| 2019-09-05 | CVE-2019-13190 | Improper Authentication vulnerability in ENG Knowage 6.1.0/6.1.1 In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. | 5.0 |