KNIME Analytics Platform – External XML entity injection
Update to KNIME Analytics Platform version 4.5
KNIME Analytics Profile version 4.4 is vulnerable to external XML entity injection. To exploit this vulnerability a victim must open a crafted workflow file (.knwf). The application then will initiate a network connection to the attacker’s controlled server and steal sensitive information such as password hashes. No privileges are required to exploit this vulnerability.
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.