Knime Analytics Platform
Monthly
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.