Vulnerability Details CVE-2021-44725
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://docs.knime.com/2021-06/server_update_guide/index.html#_bugfixes
- https://zigrin.com/advisories/knime-server-directory-path-traversal-in-the-profiles-section/
- https://docs.knime.com/2021-06/server_update_guide/index.html#_bugfixes
- https://zigrin.com/advisories/knime-server-directory-path-traversal-in-the-profiles-section/
Products affected by CVE-2021-44725
-
cpe:2.3:a:knime:knime_server:4.12.5
-
cpe:2.3:a:knime:knime_server:4.13.3