Skip to main content

Business Hub

9 CVEs product

Monthly

CVE-2025-14262 MEDIUM PATCH This Month

A security vulnerability in KNIME Business Hub (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11240 HIGH PATCH This Week

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

Open Redirect Business Hub
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-11239 MEDIUM PATCH This Month

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

Authentication Bypass Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3019 MEDIUM This Month

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Business Hub
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2402 HIGH This Week

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Business Hub
NVD GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2025-2787 HIGH This Week

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nginx Kubernetes Business Hub
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-6598 HIGH This Week

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Business Hub
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2023-3140 MEDIUM This Month

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2541 MEDIUM This Month

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Business Hub
NVD
CVSS 3.1
5.3
EPSS
0.6%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in KNIME Business Hub (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Business Hub
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

Open Redirect Business Hub
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

Authentication Bypass Business Hub
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Business Hub
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Business Hub
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nginx +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Business Hub
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Business Hub
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Business Hub
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy