Skip to main content

Knime Server

4 CVEs product

Monthly

CVE-2022-44748 HIGH This Week

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal RCE Knime Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-45097 MEDIUM This Month

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Knime Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-44726 MEDIUM This Month

KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-44725 HIGH This Week

KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Knime Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 7.5
HIGH This Week

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal RCE Knime Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Knime Server
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Knime Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy