Lucene search
+L

10 matches found

CVE
CVE
added 2019/09/05 5:32 p.m.85 views

CVE-2019-13188

CVE-2019-13188 affects Knowage up to version 6.1.1, where an unauthenticated user can bypass access controls and gain access to the entire application. The connected sources consistently describe an access-control bypass vulnerability enabling full visibility/interaction with the Knowage applicat...

9.8CVSS9.6AI score0.02462EPSS
CVE
CVE
added 2019/08/28 3:46 p.m.49 views

CVE-2019-13348

CVE-2019-13348 affects Knowage up to 6.1.1: an authenticated user who visits the datasources page can access data source credentials in cleartext (including database credentials). Multiple connected sources corroborate this vulnerability (NVD entry, Red Hat advisory, CNVD, OSV, CVE listings). Roo...

8.8CVSS8.6AI score0.01467EPSS
CVE
CVE
added 2021/04/05 10:45 a.m.47 views

CVE-2021-30056

CVE-2021-30056 affects Knowage Suite prior to 7.4, where a reflected XSS vulnerability exists in the /restful-services/publish endpoint via the EXEC_FROM parameter, potentially leading to data leakage. The issue is documented across multiple feeds (NVD/Red Hat/CNVD/etc.). Mitigation is to upgrade...

5.4CVSS5.2AI score0.00616EPSS
Web
CVE
CVE
added 2021/04/05 10:45 a.m.47 views

CVE-2021-30058

CVE-2021-30058 affects Knowage Suite prior to 7.4. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary external scripts via the SBI_HOST parameter in the request to /knowagecockpitengine/api/1.0/pages/execute. Impact is described as enabling injectio...

6.1CVSS6AI score0.00994EPSS
Web
CVE
CVE
added 2021/04/05 10:45 a.m.45 views

CVE-2021-30057

CVE-2021-30057 is a stored HTML injection vulnerability in Knowage Suite (v7.1). An attacker can inject arbitrary HTML into the endpoint /restful-services/2.0/analyticalDrivers by manipulating the LABEL and NAME parameters. Public references in multiple feeds corroborate a vulnerability in Knowag...

4.8CVSS5.2AI score0.0066EPSS
Web
CVE
CVE
added 2021/04/05 10:45 a.m.41 views

CVE-2021-30055

CVE-2021-30055 is a SQL injection vulnerability in Knowage Suite 7.1, affecting the documentexecution/url analytics driver via the par_year parameter when generating a report. Root cause: improper handling of input in the URL analytics driver leading to SQL commands being injected. Impact: potent...

8.8CVSS8.9AI score0.01602EPSS
Web
CVE
CVE
added 2019/08/28 3:41 p.m.40 views

CVE-2019-13189

Knowage up to version 6.1.1 is vulnerable to a Cross-Site Scripting (XSS) flaw that can be triggered via the start_url or user_id parameter targeting the ChangePwdServlet. The issue stems from insufficient validation of client-side data, enabling an attacker to inject and execute script in the us...

6.1CVSS5.9AI score0.00943EPSS
CVE
CVE
added 2025/09/01 3:46 p.m.22 views

CVE-2025-55007

Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...

5.3CVSS6.3AI score0.00176EPSS
CVE
CVE
added 2025/09/29 11:48 p.m.22 views

CVE-2025-59954

CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...

10CVSS6.8AI score0.00512EPSS
CVE
CVE
added 2026/01/07 5:16 p.m.15 views

CVE-2025-58441

Knowage (open source analytics/BI suite) prior to version 8.1.37 is affected by a blind server-side request forgery (SSRF). The issue allows an attacker to send requests to arbitrary hosts/paths, but cannot read responses, limiting direct impact. However, it could be used to scan internal network...

6.5CVSS6.5AI score0.00163EPSS