Back

CVE-2024-6598

July 9, 2024, 6:19 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

KNIME Business Hub

  • 1.10.0
  • 1.10.1

Source

security@knime.com

Tags

CWE-770
2024-07-09
CVE-2024-6598
security@knime.com

CVE-2024-6598 details

Published : July 9, 2024, 2:15 p.m.
Last Modified : July 9, 2024, 6:19 p.m.

Description

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation. Updating to KNIME Business Hub 1.10.2 or later solves the problem.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-770 Allocation of Resources Without Limits or Throttling The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

URL Source
https://www.knime.com/security/advisories#CVE-2024-6598 security@knime.com
This website uses the NVD API, but is not approved or certified by it.