DATE

6.12.2021

Affected Vendor

KNIME AG

Affected Product

KNIME Analytics Platform – open source software for creating data science – https://www.knime.com/knime-software

Vulnerable version

4.4

Fixed version

4.5

Recommendations

Update to KNIME Analytics Platform version 4.5 

Vulnerability details

KNIME Analytics Platform version 4.4 is vulnerable to XML external entity (XXE) injection. To exploit this vulnerability, a victim must open a crafted workflow file (.knwf). The application then initiates a network connection to an attacker-controlled server, through which sensitive information such as password hashes can be stolen. No privileges are required to exploit this vulnerability.
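A pre-open check for the scenario described above, as an added example that is not part of the original advisory or of KNIME's code: it lists DOCTYPE and entity declarations inside a workflow archive without resolving them. It assumes a .knwf file is a ZIP archive of XML files; the member names and the URL in the sample are constructed.

```python
import io
import zipfile
from xml.parsers import expat

class _PrologDone(Exception):
    """Raised at the root element; a DTD can only appear before it."""

def dtd_findings(xml_bytes):
    """List DOCTYPE and entity declarations in one document without resolving them."""
    findings = []
    parser = expat.ParserCreate()  # no external-entity handler is set, so nothing is fetched
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id else "internal-entity"
        findings.append((kind, name, system_id))
    def on_root(name, attrs):
        raise _PrologDone  # stop before any entity reference in the body is expanded
    parser.StartDoctypeDeclHandler = lambda name, sysid, pubid, subset: findings.append(
        ("doctype", name, sysid))
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _PrologDone:
        pass
    except expat.ExpatError as exc:
        findings.append(("parse-error", str(exc), None))
    return findings

def scan_workflow(archive):
    """Return {member name: findings} for archive members that look like XML."""
    report = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # directory entries read as b"" and are skipped below
            is_xml = data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<")
            hits = dtd_findings(data) if is_xml else []
            if hits:
                report[info.filename] = hits
    return report

def build_sample():
    """Constructed in-memory archive: one clean member, one declaring an external entity."""
    flagged = (b'<?xml version="1.0"?><!DOCTYPE config [<!ENTITY ext SYSTEM '
               b'"http://collector.example.invalid/probe">]><config>&ext;</config>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sample/workflow.knime", b'<?xml version="1.0"?><config key="workflow.knime"/>')
        zf.writestr("Sample/Node (#1)/settings.xml", flagged)
    return buf

if __name__ == "__main__":
    print(scan_workflow(build_sample()))
```

Any member reported with a `doctype` or `external-entity` finding is a reason not to open the workflow in a vulnerable version.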

CVE

CVE-2021-45096

Credits

Dawid Czarnecki
