← Back

CVE-2021-45096

nvd nist
Published: Dec 16, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.

Affected (1)

Knime
1 product
Knime Analytics Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Knime Analytics Platform
Before 4.5.0

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Product
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.