Knowage Server Prior to 8.1.37 Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Knowage Server versions prior to 8.1.37. This vulnerability allows attackers to send requests to arbitrary hosts and paths. Although the attacker cannot read the response, which limits the impact, this vulnerability could be exploited to scan the internal network.

Impact

Exploitation of this vulnerability could lead to unauthorized network scanning, potentially allowing an attacker to discover and interact with internal services or systems.

Remediation

Users are advised to upgrade to Knowage Server version 8.1.37 or later.
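Until the upgrade is in place, the internal-scanning behaviour described above can be watched for from the network side. The following is an added example, not part of the advisory or of Knowage: it flags short bursts in which the server host contacts many distinct internal address and port pairs. The log format, the host address 10.0.5.20, the 60-second window and the threshold of 5 are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed egress log (hypothetical format, not produced by Knowage).
# 10.0.5.20 is an assumed address for the host running Knowage Server.
SAMPLE_LOG = """\
2025-09-01T10:00:01 src=10.0.5.20 dst=10.0.9.10 dport=5432
2025-09-01T10:01:30 src=10.0.5.20 dst=203.0.113.10 dport=443
2025-09-01T10:02:10 src=10.0.5.20 dst=10.0.9.10 dport=5432
2025-09-01T10:05:00 src=10.0.5.20 dst=10.0.1.1 dport=22
2025-09-01T10:05:03 src=10.0.5.20 dst=10.0.1.1 dport=80
2025-09-01T10:05:05 src=10.0.5.30 dst=10.0.1.9 dport=443
2025-09-01T10:05:07 src=10.0.5.20 dst=10.0.1.2 dport=22
2025-09-01T10:05:11 src=10.0.5.20 dst=10.0.1.2 dport=3306
2025-09-01T10:05:15 src=10.0.5.20 dst=10.0.9.10 dport=5432
2025-09-01T10:05:18 src=10.0.5.20 dst=10.0.1.3 dport=8080
2025-09-01T10:05:22 src=10.0.5.20 dst=127.0.0.1 dport=6379
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")
# RFC 1918, loopback and link-local ranges count as "internal" here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def fanout_alerts(log_text, server_ip, window=timedelta(seconds=60), threshold=5):
    """Flag windows where server_ip hit >= threshold distinct internal (ip, port) targets."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != server_ip:
            continue
        try:
            when = datetime.fromisoformat(m.group(1))
            dst = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # skip lines with an unparseable timestamp or destination
        if any(dst in net for net in INTERNAL_NETS):
            events.append((when, (str(dst), int(m.group(4)))))
    events.sort()
    alerts, start = [], 0
    for end in range(len(events)):
        # Shrink the window until it spans at most `window` of time.
        while events[end][0] - events[start][0] > window:
            start += 1
        targets = {target for _, target in events[start:end + 1]}
        if len(targets) >= threshold:
            alerts.append((events[start][0], sorted(targets)))
            start = end + 1  # start a fresh window after alerting
    return alerts
```

Because the attacker cannot read responses, denied and timed-out connections are as relevant as successful ones, so feed the function firewall or flow records rather than application access logs.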

Added: Sep 1, 2025, 4:18 PM
Updated: Sep 1, 2025, 4:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.