CVE-2023-5562

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Oct 12, 2023
Updated: Oct 18, 2023
CWE ID: 79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')

Summary

CVE-2023-5562 is a vulnerability affecting KNIME Analytics Platform versions before 5.2.0. The issue is an unsafe default configuration that enables cross-site scripting. When KNIME Analytics Platform is used as an executor for KNIME Server or KNIME Business Hub, certain JavaScript-based view nodes do not sanitize user data by default. If that data contains JavaScript code, the code is executed in the browser of whoever opens the view, so an attacker can silently perform any action the current user is authorized to perform. Configurable options for data sanitization exist, but they are turned off by default, which increases the risk of cross-site scripting. Users of earlier releases are advised to enable these settings in the executor's knime.ini file. As of version 5.2.0, KNIME Analytics Platform enables sanitization by default.
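The mechanism the summary describes, as an added JavaScript example that is not KNIME's code: a hypothetical view renderer writes cell values into HTML, with a `sanitize` switch standing in for the kind of on/off configuration the advisory mentions (the actual knime.ini keys are not on this page and are not reproduced). With the switch off, markup in a cell reaches the DOM verbatim; with it on, the escaping step neutralizes it. The sample rows and the `containsActiveContent` check are constructed for the example; the check is the sort of assertion a deployment test can use to guard the default.

```javascript
// Added example (not KNIME project code). Demonstrates why rendering
// unsanitized cell values into a browser-side view leads to stored XSS,
// and what an HTML-escaping "sanitization" step does about it.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical view renderer. `sanitize` mirrors an on/off setting of the
// kind the advisory describes: when false, cell values go into the markup
// untouched; when true, each value is escaped first.
function renderTableRows(rows, { sanitize }) {
  const cell = (v) => (sanitize ? escapeHtml(v) : String(v));
  return rows
    .map((r) => `<tr><td>${cell(r.name)}</td><td>${cell(r.note)}</td></tr>`)
    .join('');
}

// Defensive check: true if rendered markup still contains a script element
// or an on* event-handler attribute. Suitable for a unit test that fails
// when sanitization is accidentally left disabled.
function containsActiveContent(html) {
  return /<script\b/i.test(html) || /\son[a-z]+\s*=/i.test(html);
}

// Constructed sample data: one row carries markup inside a text field.
const SAMPLE_ROWS = [
  { name: 'alice', note: 'quarterly figures' },
  { name: 'mallory', note: '<script>/* constructed placeholder */</script>' },
];

const UNSAFE_HTML = renderTableRows(SAMPLE_ROWS, { sanitize: false });
const SAFE_HTML = renderTableRows(SAMPLE_ROWS, { sanitize: true });

console.log('sanitize=false contains active content:', containsActiveContent(UNSAFE_HTML));
console.log('sanitize=true  contains active content:', containsActiveContent(SAFE_HTML));
```

Escaping at the point where untrusted data is written into markup is the control; the risk in the advisory is that the control exists but defaults to off, so a deployment that never touched knime.ini renders the unsafe form.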


Affected Products

  • KNIME Analytics Platform

Affected Vendors

  • KNIME
