Every CVE whose affected-product data names Knowage-suite Knowage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-12354 — CVSS 8.8 (high): Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST…
CVE-2018-12353 — CVSS 6.1 (medium): Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
CVE-2019-14278 — CVSS 5.3 (medium): In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.
CVE-2019-13349 — CVSS 4.9 (medium): In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.