Lucene search

MitreCVELIST:CVE-2021-45097

HistoryDec 16, 2021 - 12:00 a.m.

CVE-2021-45097

2021-12-1600:00:00

mitre

www.cve.org

knime server

vulnerability

password exposure

CVSS3

2.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator’s password in a file without appropriate file access controls, allowing all local users to read its content.

References

github.com/dawid-czarnecki/public-vulnerabilities/tree/master/KNIME/CVE-weak-file-permission

zigrin.com/advisories/knime-server-weak-file-permissions/

CVSS3

2.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-45097