PT-2024-37746 · Knime · Knime Business Hub
Published
2024-07-09
·
Updated
2025-10-08
·
CVE-2024-6598
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
KNIME Business Hub versions 1.10.0 through 1.10.1
Description
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction.
Recommendations
For KNIME Business Hub versions 1.10.0 and 1.10.1, update to KNIME Business Hub 1.10.2 or later to resolve the issue.
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Knime Business Hub