Lucene search
K
EngKnowage

21 matches found

CVE
CVE
added 2019/09/05 5:32 p.m.84 views

CVE-2019-13188

CVE-2019-13188 affects Knowage up to version 6.1.1, where an unauthenticated user can bypass access controls and gain access to the entire application. The connected sources consistently describe an access-control bypass vulnerability enabling full visibility/interaction with the Knowage applicat...

9.8CVSS9.6AI score0.02462EPSS
CVE
CVE
added 2021/05/12 4:19 p.m.82 views

CVE-2021-30213

Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary web script via the targetService parameter in the /servlet/AdapterHTTP endpoint. Impact, as described, could allow malicious scripts to run in the victim’s browser, p...

6.1CVSS6AI score0.02721EPSS
Web
CVE
CVE
added 2019/09/05 4:49 p.m.75 views

CVE-2019-13190

Knowage up to version 6.1.1 contains a CAPTCHA bypass vulnerability where the signup page does not invalidate a valid CAPTCHA token, enabling bypass of CAPTCHA on registration. This affects the sign-up functionality and stems from the CAPTCHA token validation flaw described across multiple source...

5.3CVSS5.3AI score0.01387EPSS
CVE
CVE
added 2021/05/12 4:12 p.m.69 views

CVE-2021-30211

CVE-2021-30211 affects Knowage Suite 7.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the REST endpoint /knowage/restful-services/signup/update, exploitable via the surname parameter. The issue allows an attacker to inject arbitrary web scripts, potentially executed in victim...

5.4CVSS5.2AI score0.00499EPSS
Web
CVE
CVE
added 2022/10/13 12:0 a.m.68 views

CVE-2022-39295

CVE-2022-39295 affects Knowage-Server (KnowageLabs) 6.x and earlier, with vulnerable versions prior to 7.4.22, 8.0.9, and 8.1.0. The issue is a cross-site scripting vulnerability where the XSSRequestWrapper.stripXSS method can be bypassed. Patches are available in 7.4.22, 8.0.9, and 8.1.0. No pub...

6.1CVSS6AI score0.00531EPSS
CVE
CVE
added 2021/05/12 4:14 p.m.64 views

CVE-2021-30212

CVE-2021-30212 affects Knowage Suite 7.3 and is a Stored Cross-Site Scripting (XSS) vulnerability. The exposed component is the RESTful service at /knowage/restful-services/documentnotes/saveNote, where an attacker can inject arbitrary web scripts via the nota parameter. The CVE details in the co...

5.4CVSS5.2AI score0.00581EPSS
Web
CVE
CVE
added 2021/05/12 4:18 p.m.58 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection at /knowage/restful-services/signup/update through the name parameter. Root cause: the system stores client templates via the name parameter, enabling injection. Impact per sources is limited to client-side template manipula...

5.4CVSS5.6AI score0.23795EPSS
Web
CVE
CVE
added 2023/08/04 6:10 p.m.58 views

CVE-2023-38702

Knowage (open source analytics BI suite) prior to 8.1.8 is affected by CVE-2023-38702. An unauthenticated user can reach the endpoint /knowage/restful-services/dossier/importTemplateFile and upload a template file to the knowageqbeengine directory. Uploading a JSP file to that directory enables c...

9.9CVSS9.4AI score0.01062EPSS
Web
CVE
CVE
added 2023/07/14 8:17 p.m.56 views

CVE-2023-37472

Knowage exposes a CVE-2023-37472 SQL injection vulnerability in prior to 8.1.8. The issue arises when user-supplied data is used to build HQL queries, allowing crafted queries to affect subsequent SQL executed by Hibernate, specifically via the endpoint /knowage/restful-services/2.0/documents/lis...

7.7CVSS7.1AI score0.00585EPSS
Web
CVE
CVE
added 2019/08/28 3:46 p.m.47 views

CVE-2019-13348

CVE-2019-13348 affects Knowage up to 6.1.1: an authenticated user who visits the datasources page can access data source credentials in cleartext (including database credentials). Multiple connected sources corroborate this vulnerability (NVD entry, Red Hat advisory, CNVD, OSV, CVE listings). Roo...

8.8CVSS8.6AI score0.01467EPSS
CVE
CVE
added 2021/04/05 10:45 a.m.46 views

CVE-2021-30056

CVE-2021-30056 affects Knowage Suite prior to 7.4, where a reflected XSS vulnerability exists in the /restful-services/publish endpoint via the EXEC_FROM parameter, potentially leading to data leakage. The issue is documented across multiple feeds (NVD/Red Hat/CNVD/etc.). Mitigation is to upgrade...

5.4CVSS5.2AI score0.00616EPSS
Web
CVE
CVE
added 2018/06/13 11:0 p.m.45 views

CVE-2018-12355

CVE-2018-12355 affects Knowage (formerly SpagoBI) 6.1.1 with a cross-site scripting vulnerability in the Olap Schemas’ Catalogue exposed via the name or description fields. Multiple sources corroborate an XSS in Knowage 6.1.1; the vulnerability enables injection of arbitrary scripts through the s...

6.1CVSS5.9AI score0.00768EPSS
CVE
CVE
added 2021/04/05 10:45 a.m.45 views

CVE-2021-30058

CVE-2021-30058 affects Knowage Suite prior to 7.4. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary external scripts via the SBI_HOST parameter in the request to /knowagecockpitengine/api/1.0/pages/execute. Impact is described as enabling injectio...

6.1CVSS6AI score0.00994EPSS
Web
CVE
CVE
added 2021/04/05 10:45 a.m.43 views

CVE-2021-30057

CVE-2021-30057 is a stored HTML injection vulnerability in Knowage Suite (v7.1). An attacker can inject arbitrary HTML into the endpoint /restful-services/2.0/analyticalDrivers by manipulating the LABEL and NAME parameters. Public references in multiple feeds corroborate a vulnerability in Knowag...

4.8CVSS5.2AI score0.0066EPSS
Web
CVE
CVE
added 2023/07/03 6:21 p.m.41 views

CVE-2023-36819

Knowage Server suffers a path-traversal vulnerability in the download template endpoint (/knowage/restful-services/dossier/importTemplateFile_) for 6.x.x up to 8.1.7, where the templateName parameter is not sanitized, allowing crafting of ../ to escape the template directory and read arbitrary fi...

6.5CVSS6.2AI score0.00791EPSS
Web
CVE
CVE
added 2019/08/28 3:41 p.m.40 views

CVE-2019-13189

Knowage up to version 6.1.1 is vulnerable to a Cross-Site Scripting (XSS) flaw that can be triggered via the start_url or user_id parameter targeting the ChangePwdServlet. The issue stems from insufficient validation of client-side data, enabling an attacker to inject and execute script in the us...

6.1CVSS5.9AI score0.00943EPSS
CVE
CVE
added 2021/04/05 10:45 a.m.40 views

CVE-2021-30055

CVE-2021-30055 is a SQL injection vulnerability in Knowage Suite 7.1, affecting the documentexecution/url analytics driver via the par_year parameter when generating a report. Root cause: improper handling of input in the URL analytics driver leading to SQL commands being injected. Impact: potent...

8.8CVSS8.9AI score0.01602EPSS
Web
CVE
CVE
added 2023/06/23 8:20 p.m.40 views

CVE-2023-35154

CVE-2023-35154 is a Knowage-Server vulnerability: from Knowage 6.0.0 up to 8.1.7, an attacker can register and activate an account without clicking the email link, effectively gaining access as a normal user. Root cause is an account‑validation bypass in the authentication/registration flow. The ...

7.2CVSS6.6AI score0.0038EPSS
CVE
CVE
added 2025/09/01 3:46 p.m.21 views

CVE-2025-55007

Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...

5.3CVSS6.3AI score0.00176EPSS
CVE
CVE
added 2025/09/29 11:48 p.m.21 views

CVE-2025-59954

CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...

10CVSS6.8AI score0.00512EPSS
CVE
CVE
added 2026/01/07 5:16 p.m.13 views

CVE-2025-58441

Knowage (open source analytics/BI suite) prior to version 8.1.37 is affected by a blind server-side request forgery (SSRF). The issue allows an attacker to send requests to arbitrary hosts/paths, but cannot read responses, limiting direct impact. However, it could be used to scan internal network...

6.5CVSS6.5AI score0.00163EPSS