8.8
CVE-2025-2402
- EPSS 0.37%
- Veröffentlicht 31.03.2025 07:15:18
- Zuletzt bearbeitet 08.10.2025 17:16:33
- Quelle security@knime.com
- CVE-Watchlists
- Unerledigt
Hard-coded password for object store of KNIME Business Hub
A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Knime ≫ Business Hub Version < 1.10.3
Knime ≫ Business Hub Version >= 1.11.0 < 1.11.3
Knime ≫ Business Hub Version >= 1.12.0 < 1.12.3
Knime ≫ Business Hub Version >= 1.13.0 < 1.13.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.282 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
|
| security@knime.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
|
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
https://www.knime.com/security/advisories#CVE-2025-2402
https://github.com/advisories/GHSA-v5p7-3387-gpmg