Knowage CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58441	1 Knowage-suite	1 Knowage	2026-01-08	N/A
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
CVE-2019-14278	1 Knowage-suite	1 Knowage	2024-11-21	N/A
In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.
CVE-2019-13349	1 Knowage-suite	1 Knowage	2024-11-21	N/A
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
CVE-2018-12354	1 Knowage-suite	1 Knowage	2024-11-21	N/A
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
CVE-2018-12353	1 Knowage-suite	1 Knowage	2024-11-21	N/A
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.

Page 1 of 1.