We are reliable, trustworthy, and ready for challenges! Hire Us
KNIME Server – Weak file permissions
- Home
- Advisories
- KNIME Server – Weak file permissions
DATE
16.12.2021
Affected Vendor
KNIME AG
Affected Product
KNIME Server – Enterprise software for putting your data science workflows into production – https://www.knime.com/knime-software
Vulnerable version
4.13.3, 4.12.4, 4.11.5
Fixed version
4.13.4, 4.12.5, 4.12.6
CVSS
Recommendations
Update to KNIME Server version 4.13.4, 4.12.5, or 4.12.6
Vulnerability details
KNIME Server versions 4.13.3, 4.12.4, 4.11.5 when installed in unattended mode keeps administrator’s password in a file without appropriate file access controls allowing all local users to read its content.
CVE
CVE-2021-45097
Credits
Dawid Czarnecki
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.