8.8
CVE-2025-2402
- EPSS 0.5%
- Veröffentlicht 31.03.2025 07:15:18
- Zuletzt bearbeitet 08.10.2025 17:16:33
- Quelle security@knime.com
- CVE-Watchlists
- Unerledigt
A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Knime ≫ Business Hub Version < 1.10.3
Knime ≫ Business Hub Version >= 1.11.0 < 1.11.3
Knime ≫ Business Hub Version >= 1.12.0 < 1.12.3
Knime ≫ Business Hub Version >= 1.13.0 < 1.13.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
|
| security@knime.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
|
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.