Knime Server Security Vulnerabilities and Issues — Knime Server CVE List

Lucene search

KnimeKnime Server

4 matches found

cve•added 2022/11/24 7:15 a.m.•39 views

CVE-2022-44748

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can ...

7.5CVSS7.6AI score0.02342EPSS

cve•added 2021/12/08 4:15 a.m.•38 views

CVE-2021-44726

KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.

8.8CVSS5.9AI score0.00646EPSS

cve•added 2021/12/08 4:15 a.m.•29 views

CVE-2021-44725

KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.

7.5CVSS7.5AI score0.00256EPSS

cve•added 2021/12/16 5:15 a.m.•29 views

CVE-2021-45097

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.

5.5CVSS5.3AI score0.00119EPSS