Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Knowage
(Knowage\-Suite)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-05 | CVE-2019-14278 | In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. | Knowage | 5.3 | ||
| 2019-09-05 | CVE-2019-13349 | In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | Knowage | 4.9 | ||
| 2018-06-13 | CVE-2018-12354 | Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | Knowage | 8.8 | ||
| 2018-06-13 | CVE-2018-12353 | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | Knowage | 6.1 |