Today > 3 Critical | 10 High | 10 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-6598

July 9, 2024, 6:19 p.m.

Product(s) Impacted

KNIME Business Hub

  • 1.10.0
  • 1.10.1

Description

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation. Updating to KNIME Business Hub 1.10.2 or later solves the problem.

Weaknesses

CWE-770
Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

CWE ID: 770

Date

Published: July 9, 2024, 2:15 p.m.

Last Modified: July 9, 2024, 6:19 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@knime.com

References

https://www.knime.com/ security@knime.com