Lucene search
K

223 matches found

Cvelist
Cvelist
added 2023/08/04 6:10 p.m.39 views

CVE-2023-38702 Knowage Server vulnerable to path traversal via upload functionality

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...

9.9CVSS9.8AI score0.01062EPSS
Exploits1References1
OSV
OSV
added 2023/08/04 6:10 p.m.24 views

CVE-2023-38702 Knowage Server vulnerable to path traversal via upload functionality

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...

9.9CVSS8.6AI score0.01062EPSS
Exploits1References3
NVD
NVD
added 2023/07/14 9:15 p.m.27 views

CVE-2023-37472

Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

7.7CVSS0.00585EPSS
Exploits1References1
Prion
Prion
added 2023/07/14 9:15 p.m.17 views

Sql injection

Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

4CVSS6.6AI score0.00585EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/14 8:17 p.m.11 views

CVE-2023-37472 Query injection in Knowage server

Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

7.7CVSS7.2AI score0.00585EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/14 8:17 p.m.31 views

CVE-2023-37472 Query injection in Knowage server

Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

7.7CVSS7.9AI score0.00585EPSS
Exploits1References1
CVE
CVE
added 2023/07/14 8:17 p.m.56 views

CVE-2023-37472

Knowage exposes a CVE-2023-37472 SQL injection vulnerability in prior to 8.1.8. The issue arises when user-supplied data is used to build HQL queries, allowing crafted queries to affect subsequent SQL executed by Hibernate, specifically via the endpoint /knowage/restful-services/2.0/documents/lis...

7.7CVSS7.1AI score0.00585EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/07/14 8:17 p.m.24 views

CVE-2023-37472 Query injection in Knowage server

Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

7.7CVSS6.8AI score0.00585EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/14 12:0 a.m.7 views

Knowage SQL注入漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. Knowage suffers from an SQL injection vulnerability. An attacker exploiting this vulnerability could retrieve sensitive information from a database...

7.7CVSS6.7AI score0.00585EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/14 12:0 a.m.10 views

PT-2023-25984 · Knowage · Knowage

Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.8 Description: Knowage is an open source suite for business analytics that uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries to break...

7.7CVSS6.7AI score0.00585EPSS
Exploits1References4
NVD
NVD
added 2023/07/03 7:15 p.m.30 views

CVE-2023-36819

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

6.5CVSS6.2AI score0.00791EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/03 6:21 p.m.34 views

CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

6.5CVSS6.4AI score0.00791EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/03 6:21 p.m.10 views

CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

6.5CVSS6.6AI score0.00791EPSS
Exploits1References1
CVE
CVE
added 2023/07/03 6:21 p.m.41 views

CVE-2023-36819

Knowage Server suffers a path-traversal vulnerability in the download template endpoint (/knowage/restful-services/dossier/importTemplateFile_) for 6.x.x up to 8.1.7, where the templateName parameter is not sanitized, allowing crafting of ../ to escape the template directory and read arbitrary fi...

6.5CVSS6.2AI score0.00791EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/07/03 6:21 p.m.30 views

CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

6.5CVSS6.1AI score0.00791EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/03 12:0 a.m.5 views

Knowage 路径遍历漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A path traversal vulnerability exists in Knowage versions prior to 6.x.x through 8.1.8, which stems from an authenticated user being able to download a template hosted on th...

6.5CVSS6.5AI score0.00791EPSS
Exploits1References2
NVD
NVD
added 2023/06/23 9:15 p.m.20 views

CVE-2023-35154

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

7.2CVSS6.9AI score0.0038EPSS
Exploits0References1
Prion
Prion
added 2023/06/23 9:15 p.m.32 views

Design/Logic Flaw

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

6.4CVSS6.4AI score0.0038EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/23 8:20 p.m.22 views

CVE-2023-35154 Knowage-Server vulnerable to account validation bypass

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

7.2CVSS7.1AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2023/06/23 8:20 p.m.40 views

CVE-2023-35154

CVE-2023-35154 is a Knowage-Server vulnerability: from Knowage 6.0.0 up to 8.1.7, an attacker can register and activate an account without clicking the email link, effectively gaining access as a normal user. Root cause is an account‑validation bypass in the authentication/registration flow. The ...

7.2CVSS6.6AI score0.0038EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder