Vulnerabilities > Knowage Suite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-05 | CVE-2019-14278 | Unspecified vulnerability in Knowage-Suite Knowage In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. | 5.3 |
| 2019-09-05 | CVE-2019-13349 | Insufficiently Protected Credentials vulnerability in Knowage-Suite Knowage In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | 4.9 |
| 2018-06-13 | CVE-2018-12353 | Cross-site Scripting vulnerability in Knowage-Suite Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | 6.1 |