10 matches found
CVE-2019-13188
CVE-2019-13188 affects Knowage up to version 6.1.1, where an unauthenticated user can bypass access controls and gain access to the entire application. The connected sources consistently describe an access-control bypass vulnerability enabling full visibility/interaction with the Knowage applicat...
CVE-2019-13348
CVE-2019-13348 affects Knowage up to 6.1.1: an authenticated user who visits the datasources page can access data source credentials in cleartext (including database credentials). Multiple connected sources corroborate this vulnerability (NVD entry, Red Hat advisory, CNVD, OSV, CVE listings). Roo...
CVE-2021-30056
CVE-2021-30056 affects Knowage Suite prior to 7.4, where a reflected XSS vulnerability exists in the /restful-services/publish endpoint via the EXEC_FROM parameter, potentially leading to data leakage. The issue is documented across multiple feeds (NVD/Red Hat/CNVD/etc.). Mitigation is to upgrade...
CVE-2021-30058
CVE-2021-30058 affects Knowage Suite prior to 7.4. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary external scripts via the SBI_HOST parameter in the request to /knowagecockpitengine/api/1.0/pages/execute. Impact is described as enabling injectio...
CVE-2021-30057
CVE-2021-30057 is a stored HTML injection vulnerability in Knowage Suite (v7.1). An attacker can inject arbitrary HTML into the endpoint /restful-services/2.0/analyticalDrivers by manipulating the LABEL and NAME parameters. Public references in multiple feeds corroborate a vulnerability in Knowag...
CVE-2021-30055
CVE-2021-30055 is a SQL injection vulnerability in Knowage Suite 7.1, affecting the documentexecution/url analytics driver via the par_year parameter when generating a report. Root cause: improper handling of input in the URL analytics driver leading to SQL commands being injected. Impact: potent...
CVE-2019-13189
Knowage up to version 6.1.1 is vulnerable to a Cross-Site Scripting (XSS) flaw that can be triggered via the start_url or user_id parameter targeting the ChangePwdServlet. The issue stems from insufficient validation of client-side data, enabling an attacker to inject and execute script in the us...
CVE-2025-55007
Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...
CVE-2025-59954
CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...
CVE-2025-58441
Knowage (open source analytics/BI suite) prior to version 8.1.37 is affected by a blind server-side request forgery (SSRF). The issue allows an attacker to send requests to arbitrary hosts/paths, but cannot read responses, limiting direct impact. However, it could be used to scan internal network...