Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
KNIME Hub Web Application is vulnerable to clickjacking
Vulnerability Description
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
不当限制渲染UI层或帧
Vulnerability Title
KNIME Business Hub 安全漏洞
Vulnerability Description
KNIME Business Hub是KNIME公司的用于数据科学自动化、部署模型、团队协作和管理工作流的企业软件。 KNIME Business Hub 1.4.0之前版本存在安全漏洞,该漏洞源于缺少 HTTP 标头。攻击者利用该漏洞劫持了用于原始服务器的用户活动并将它们发送到其他服务器。
CVSS Information
N/A
Vulnerability Type
N/A