Vulnerabilities > Knowage Suite

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-05	CVE-2019-14278	Unspecified vulnerability in Knowage-Suite Knowage In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. network low complexity knowage-suite	5.3
2019-09-05	CVE-2019-13349	Insufficiently Protected Credentials vulnerability in Knowage-Suite Knowage In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. network low complexity knowage-suite CWE-522	4.9
2018-06-13	CVE-2018-12354	Cross-Site Request Forgery (CSRF) vulnerability in Knowage-Suite Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. network low complexity knowage-suite CWE-352	8.8
2018-06-13	CVE-2018-12353	Cross-site Scripting vulnerability in Knowage-Suite Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. network low complexity knowage-suite CWE-79	6.1

Vulnerabilities > Knowage Suite {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Knowage Suite"}]}