← Back

Knowage

knowage

Vendor: Knowage Suite • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-14278
1Knowage Suite
1Knowage
Jun 17, 2026
Sep 5, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.
CVE-2019-13349
1Knowage Suite
1Knowage
Jun 17, 2026
Sep 5, 2019
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
CVE-2018-12354
1Knowage Suite
1Knowage
Nov 21, 2024
Jun 13, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
CVE-2018-12353
1Knowage Suite
1Knowage
Nov 21, 2024
Jun 13, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.