Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

KNIME Server – Weak file permissions

DATE

16.12.2021

Affected Vendor

KNIME AG

Affected Product

KNIME Server – Enterprise software for putting your data science workflows into production – https://www.knime.com/knime-software

Vulnerable version

4.13.3, 4.12.4, 4.11.5

Fixed version

4.13.4, 4.12.5, 4.12.6

CVSS

2.9 Low CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Recommendations

Update to KNIME Server version 4.13.4, 4.12.5, or 4.12.6

Vulnerability details

KNIME Server versions 4.13.3, 4.12.4, 4.11.5 when installed in unattended mode keeps administrator’s password in a file without appropriate file access controls allowing all local users to read its content.

CVE

CVE-2021-45097

Credits

Dawid Czarnecki

References

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?

Contact Us