Vulnerabilities > Knime > Knime Analytics Platform > 4.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-12 | CVE-2023-5562 | Cross-site Scripting vulnerability in Knime Analytics Platform An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. | 6.1 |
| 2022-11-24 | CVE-2022-44749 | Path Traversal vulnerability in Knime Analytics Platform A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. | 7.0 |
| 2022-06-02 | CVE-2022-31500 | Incorrect Default Permissions vulnerability in Knime Analytics Platform In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | 7.8 |
| 2021-12-16 | CVE-2021-45096 | XXE vulnerability in Knime Analytics Platform KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 |