CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2402 – Hard-coded password for object store of KNIME Business Hub
https://notcve.org/view.php?id=CVE-2025-2402
31 Mar 2025 — A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recom... • https://www.knime.com/security/advisories#CVE-2025-2402 • CWE-259: Use of Hard-coded Password •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2787 – Ingress-nginx vulnerability in KNIME Business Hub
https://notcve.org/view.php?id=CVE-2025-2787
26 Mar 2025 — KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following ver... • https://www.knime.com/security/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •