Lucene search

[email protected]NVD:CVE-2023-3140

HistoryJun 07, 2023 - 10:15 a.m.

CVE-2023-3140

2023-06-0710:15:09

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2023-3140

clickjacking

http headers

knime business hub

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

18.5%

JSON

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME
Business Hub before 1.4.0 has left users vulnerable to click
jacking. Clickjacking is an attack that occurs when an attacker uses a
transparent iframe in a window to trick a user into clicking on an
actionable item, such as a button or link, to another server in which
they have an identical webpage. The attacker essentially hijacks the
user activity intended for the original server and sends them to the
other server.

Affected configurations

Nvd

Node

knimebusiness_hubRange<1.4.0

VendorProductVersionCPE
knimebusiness_hub*cpe:2.3:a:knime:business_hub:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
knime	business_hub	*	cpe:2.3:a:knime:business_hub::::::::

References

www.knime.com/security/advisories#CVE-2023-3140

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

18.5%

JSON

Related for NVD:CVE-2023-3140

cvelist1 cve1 prion1