Knime Analytics Platform
CVE-2022-31500
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
AnalysisAI
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Affected products include: Knime Knime Analytics Platform.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Knime Analytics Platform
View allA directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above c
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today