Vulnerabilities > Knime > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-10-12 | CVE-2023-5562 | Cross-site Scripting vulnerability in Knime Analytics Platform | An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. | 6.1 |
2023-06-07 | CVE-2023-3140 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Knime Business HUB | Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. | 4.3 |
2023-06-07 | CVE-2023-2541 | Unspecified vulnerability in Knime Business HUB | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. | 5.3 |
2021-12-16 | CVE-2021-45096 | XXE vulnerability in Knime Analytics Platform | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 |
2021-12-16 | CVE-2021-45097 | Insufficiently Protected Credentials vulnerability in Knime Server 4.12.5/4.13.3 | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | 5.5 |
2021-12-08 | CVE-2021-44726 | Cross-site Scripting vulnerability in Knime Server 4.12.5/4.13.3 | KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | 6.1 |