KNIME Business Hub 多个CVE漏洞公告 (RCE/SSRF/硬编码密码等)

关键漏洞信息总结 1. CVE-2025-11240 - Open Redirect Vulnerability in KNIME Business Hub 发布日期: 2025-10-02 受影响产品: KNIME Business Hub before 1.16.0 修复版本: KNIME Business Hub 1.16.0 CVSS v4.0 分数: 5.3 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N 2. CVE-2025-11239 - Job Details are Visible to all Team Members on KNIME Business Hub 发布日期: 2025-10-02 受影响产品: KNIME Business Hub before 1.16.0 修复版本: KNIME Business Hub 1.16.0 CVSS v4.0 分数: 2.3 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N 3. CVE-2025-3019 - Cross-Site Scripting Vulnerabilities in KNIME Business Hub Web Pages 发布日期: 2025-03-31 受影响产品: KNIME Business Hub since 1.12 修复版本: KNIME Business Hub 1.13.3, 1.12.4 CVSS v4.0 分数: 5.3 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/V:S:C:A:N/AU:Y/R:U/V:D/RE:M/SA:S/UA:R 4. CVE-2025-2787 - Ingress-nginx Vulnerability in KNIME Business Hub 发布日期: 2025-03-31 受影响产品: all versions of KNIME Business Hub 修复版本: KNIME Business Hub 1.13.3, 1.12.4, 1.11.4, 1.10.4 CVSS v4.0 分数: 8.7 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amb/SA:S/UA:R 5. CVE-2025-2402 - Hard-Coded Password for Object Store of KNIME Business Hub 发布日期: 2025-03-31 受影响产品: all versions of KNIME Business Hub 修复版本: KNIME Business Hub 1.13.2, 1.12.3, 1.11.3, 1.10.3 CVSS v4.0 分数: 8.8 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/AU:Y/R:U/V:C/RE:M/U:Amb/SA:S/UA:R 6. CVE-2024-6598 - Denial-of-Service on KNIME Business Hub when certain jobs are executed 发布日期: 2024-07-09 受影响产品: KNIME Business Hub 1.10.0 and 1.10.1 修复版本: KNIME Business Hub 1.10.2 CVSS v4.0 分数: 7.1 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N 7. CVE-2023-5562 - Unsafe default allows cross-site scripting attacks in KNIME Server and KNIME Business Hub 发布日期: 2023-10-12 受影响产品: KNIME Analytics Platform before 5.2.2 修复版本: KNIME Analytics Platform 5.2.2 Base CVSS Score: 6.1 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:W/RC:C

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

KNIME Business Hub 多个CVE漏洞公告 (RCE/SSRF/硬编码密码等)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！