Skip to main content

Knime Analytics Platform

4 CVEs product

Monthly

CVE-2023-5562 MEDIUM This Month

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Analytics Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-44749 HIGH This Week

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Path Traversal RCE Knime Analytics Platform
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-31500 HIGH This Week

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Knime Analytics Platform
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-45096 MEDIUM This Month

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Knime Analytics Platform
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
EPSS 0% CVSS 6.1
MEDIUM This Month

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Analytics Platform
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Path Traversal RCE Knime Analytics Platform
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Knime Analytics Platform
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Knime Analytics Platform
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy