CVE-2021-45097

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*
cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 2.1
v3 : 2.9
References () https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/KNIME/CVE-weak-file-permission - Broken Link () https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/KNIME/CVE-weak-file-permission - Broken Link
References () https://zigrin.com/advisories/knime-server-weak-file-permissions/ - () https://zigrin.com/advisories/knime-server-weak-file-permissions/ -

28 Sep 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://zigrin.com/advisories/knime-server-weak-file-permissions/ -

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-668 CWE-522

Information

Published : 2021-12-16 05:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-45097

Mitre link : CVE-2021-45097

CVE.ORG link : CVE-2021-45097


JSON object : View

Products Affected

knime

  • knime_server
CWE
CWE-522

Insufficiently Protected Credentials