Knime Analytics Platform Security Vulnerabilities and Issues — Knime Analytics Platform CVE List

Lucene search

KnimeKnime Analytics Platform

4 matches found

cve•added 2022/06/02 2:15 p.m.•43 views

CVE-2022-31500

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

7.8CVSS7.6AI score0.00123EPSS

cve•added 2022/11/24 7:15 a.m.•43 views

CVE-2022-44749

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opene...

7CVSS6.7AI score0.00129EPSS

cve•added 2023/10/12 8:15 p.m.•43 views

CVE-2023-5562

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by def...

6.1CVSS6.1AI score0.00131EPSS

cve•added 2021/12/16 5:15 a.m.•34 views

CVE-2021-45096

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.

4.7CVSS4.5AI score0.00472EPSS