Product
eng knowage
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2025-58441 | < 8.1.37 | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request
CVE-2025-59954 | < 8.1.27 | Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exect
CVE-2025-55007 | < 8.1.37 | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side
CVE-2023-38702 | >= 6.1.0 and < 8.1.8 | Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the
CVE-2023-37472 | >= 6.1.0 and < 8.1.8 | Knowage is an open source suite for business analytics. The application often uses user supplied data to create HQL queries without
CVE-2023-36819 | >= 6.0.0 and < 8.1.8 | Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The end
CVE-2023-35154 | >= 6.1.0 and < 8.1.8 | Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an atta
CVE-2022-39295 | >= 6.1.0 and < 7.4.22 | Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server star
CVE-2021-30214 | all versions | Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'nam
CVE-2021-30213 | all versions | Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web scri
CVE-2021-30212 | all versions | Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/res
CVE-2021-30211 | all versions | Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/res
CVE-2021-30058 | < 7.4 | Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowag
CVE-2021-30057 | < 7.4 | A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-serv
CVE-2021-30056 | < 7.4 | Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /re
CVE-2021-30055 | < 7.4 | A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the
CVE-2019-14278 | <= 6.1.1 | In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page.
CVE-2019-13349 | <= 6.1.1 | In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
CVE-2019-13188 | < 6.4 | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.
CVE-2019-13190 | <= 6.1.1 | In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup
CVE-2019-13348 | < 6.4 | In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials
CVE-2019-13189 | < 6.4 | In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVE-2018-12355 | all versions | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
CVE-2018-12354 | all versions | Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/
CVE-2018-12353 | all versions | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.