DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-24 | CVE-2022-44748 | Path Traversal vulnerability in Knime Server 4.12.5/4.13.3/4.13.4. A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. | 7.5 |
2021-12-16 | CVE-2021-45097 | Insufficiently Protected Credentials vulnerability in Knime Server 4.12.5/4.13.3. KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | 5.5 |
2021-12-08 | CVE-2021-44725 | Path Traversal vulnerability in Knime Server 4.12.5/4.13.3. KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | 7.5 |
2021-12-08 | CVE-2021-44726 | Cross-site Scripting vulnerability in Knime Server 4.12.5/4.13.3. KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | 6.1 |