Vulnerabilities > Knime

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-5562 Cross-site Scripting vulnerability in Knime Analytics Platform
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack.
network
low complexity
knime CWE-79
6.1
2023-06-07 CVE-2023-3140 Improper Restriction of Rendered UI Layers or Frames vulnerability in Knime Business Hub
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking.
network
low complexity
knime CWE-1021
4.3
2023-06-07 CVE-2023-2541 Unspecified vulnerability in Knime Business Hub
The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses.
network
low complexity
knime
5.3
2022-11-24 CVE-2022-44748 Path Traversal vulnerability in Knime Server 4.12.5/4.13.3/4.13.4
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system.
network
high complexity
knime CWE-22
7.5
2022-11-24 CVE-2022-44749 Path Traversal vulnerability in Knime Analytics Platform
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system.
local
high complexity
knime CWE-22
7.0
2022-06-02 CVE-2022-31500 Incorrect Default Permissions vulnerability in Knime Analytics Platform
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
local
low complexity
knime CWE-276
7.8
2021-12-16 CVE-2021-45096 XXE vulnerability in Knime Analytics Platform
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
network
low complexity
knime CWE-611
4.3
2021-12-16 CVE-2021-45097 Insufficiently Protected Credentials vulnerability in Knime Server 4.12.5/4.13.3
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
local
low complexity
knime CWE-522
5.5
2021-12-08 CVE-2021-44725 Path Traversal vulnerability in Knime Server 4.12.5/4.13.3
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.
network
low complexity
knime CWE-22
7.5
2021-12-08 CVE-2021-44726 Cross-site Scripting vulnerability in Knime Server 4.12.5/4.13.3
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.
network
low complexity
knime CWE-79
6.1