13 matches found
EUVD-2024-53871
Malicious code in bioql PyPI...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
CVE-2024-57971
Knowage before 8.1.30 is affected by CVE-2024-57971 due to DataSourceResource.java in the SpagoBI API support not ensuring that java:comp/env/jdbc/ occurs at the beginning of a JNDI name. This misconfiguration can expose a high-severity vulnerability with a CVSS v3.1 base score of 9.1 (Network, L...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...
CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...
CVE-2023-35154 Knowage-Server vulnerable to account validation bypass
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...
CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
CVE-2022-39295
CVE-2022-39295 affects Knowage-Server (KnowageLabs) 6.x and earlier, with vulnerable versions prior to 7.4.22, 8.0.9, and 8.1.0. The issue is a cross-site scripting vulnerability where the XSSRequestWrapper.stripXSS method can be bypassed. Patches are available in 7.4.22, 8.0.9, and 8.1.0. No pub...
CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...