XXE (External XML Entity) Injection Vulnerability in KNIME Analytics Platform before 4.5.0 via Crafted Workflow File (.knwf)

XXE (External XML Entity) Injection Vulnerability in KNIME Analytics Platform before 4.5.0 via Crafted Workflow File (.knwf)

CVE-2021-45096 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.

Learn more about our External Network Penetration Testing.