CVE-2021-45097

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*
cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*

History

28 Sep 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://zigrin.com/advisories/knime-server-weak-file-permissions/ -

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-668 CWE-522

Information

Published : 2021-12-16 05:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-45097

Mitre link : CVE-2021-45097

CVE.ORG link : CVE-2021-45097


JSON object : View

Products Affected

knime

  • knime_server
CWE
CWE-522

Insufficiently Protected Credentials