Strix
26.1K

CVE-2024-6598

HIGHCVSS 7.1/10EPSS 0.54%

Last modified

CVE-2024-6598 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation. Updating to KNIME Business Hub 1.10.2 or later solves the problem.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0
7.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.54%

41.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
KnimeBusiness Hub>= 1.10.0, < 1.10.2

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-6598?
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation. Updating to KNIME Business Hub 1.10.2 or later solves the problem.
How severe is CVE-2024-6598?
CVE-2024-6598 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.
How do I fix CVE-2024-6598?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-6598?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST