本ページは knime knime_server に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-44748 | A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. | [email protected] | 7.1 | 1.32% | 2022-11-24 | 2024-11-21 |
| CVE-2021-45097 | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | [email protected] | 2.9 | 0.22% | 2021-12-16 | 2024-11-21 |
| CVE-2021-44726 | KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | [email protected] | 8.8 | 0.73% | 2021-12-08 | 2024-11-21 |
| CVE-2021-44725 | KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | [email protected] | 7.5 | 1.53% | 2021-12-08 | 2024-11-21 |