CVE-2024-6598
📋 TL;DR
This vulnerability allows authenticated attackers with job execution privileges to trigger a denial-of-service condition in KNIME Business Hub. By executing a specially crafted job, they can cause internal messages to accumulate until system resources are exhausted, disrupting most functionality. Only systems running KNIME Business Hub 1.10.0 or 1.10.1 are affected.
💻 Affected Systems
- KNIME Business Hub
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete outage of KNIME Business Hub functionality requiring manual administrator intervention for recovery, potentially causing extended business disruption.
Likely Case
Service disruption affecting job execution and other core functionality until manual recovery is performed.
If Mitigated
Limited impact if proper access controls restrict job execution to trusted users only.
🎯 Exploit Status
Exploitation requires authenticated access with job execution privileges. The attack involves executing a job that causes message accumulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.2 or later
Vendor Advisory: https://www.knime.com/security/advisories#CVE-2024-6598
Restart Required: Yes
Instructions:
1. Download KNIME Business Hub 1.10.2 or later from official sources.
2. Back up the current configuration and data.
3. Stop the KNIME Business Hub service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.
🔧 Temporary Workarounds
Restrict Job Execution Privileges
Temporarily limit job execution capabilities to only essential, trusted administrators until patching can be completed.
Implement Rate Limiting
Configure job execution rate limits to prevent rapid accumulation of internal messages.
🧯 If You Can't Patch
- Implement strict access controls to limit job execution privileges to minimal necessary users.
- Monitor system resource usage and job execution patterns for abnormal behavior indicating potential exploitation.
🔍 How to Verify
Check if Vulnerable:
Check the KNIME Business Hub version in the administration interface or configuration files. If the version is 1.10.0 or 1.10.1, the system is vulnerable.
Check Version:
Check the KNIME Business Hub web interface under Administration > System Information, or examine the installation directory for version files.
Verify Fix Applied:
After updating, verify the version shows 1.10.2 or later in the administration interface and test job execution functionality.
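The version check above is easy to get wrong when done by string comparison ("1.10.2" sorts before "1.9.9" lexicographically). The following is an added example, not code from the advisory or from KNIME, that parses a version string numerically and classifies it against the affected and fixed versions stated on this page; the accepted string shapes ("v" prefix, trailing build suffix) are assumptions for the example.

```python
"""Added example (not from the KNIME advisory): decide whether a reported
KNIME Business Hub version string falls in the affected range for
CVE-2024-6598. Affected: 1.10.0 and 1.10.1; fixed: 1.10.2 or later."""
import re

AFFECTED = {(1, 10, 0), (1, 10, 1)}
FIXED_FROM = (1, 10, 2)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'X.Y.Z' (optionally prefixed with 'v' or followed by a build
    suffix such as '-rc1'; both shapes are assumptions for this example)
    into a numeric tuple so that ordering is numeric, not lexicographic:
    '1.10.2' must sort after '1.9.9'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Classify a version per the advisory: only 1.10.0 and 1.10.1 are
    affected; 1.10.2 or later carries the fix; anything older is outside
    the affected range."""
    v = parse_version(text)
    if v in AFFECTED:
        return "VULNERABLE"
    if v >= FIXED_FROM:
        return "FIXED"
    return "NOT_AFFECTED"


if __name__ == "__main__":
    for sample in ("1.10.0", "1.10.1", "1.10.2", "v1.11.0-rc1", "1.9.3"):
        print(f"{sample:>12}: {assess(sample)}")
```

Feed it the version string read from Administration > System Information or the installation directory's version file; anything classified VULNERABLE should be scheduled for the 1.10.2 upgrade and covered by the workarounds above in the meantime.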
📡 Detection & Monitoring
Log Indicators:
- Unusual increase in internal message queue sizes
- Repeated job execution failures
- System resource exhaustion warnings
Network Indicators:
- Increased job execution requests from single users
- Abnormal patterns in job submission traffic
SIEM Query:
source="knime_business_hub" AND (message="resource exhaustion" OR message="queue overflow" OR message="job execution error")
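To show how the log and network indicators above translate into detection logic, here is an added example that is not part of the advisory or of any KNIME tooling. It runs the three message indicators from the SIEM query and a per-user job-submission burst check over a few constructed log lines; the line layout (`<timestamp> <level> user=<u> msg=<text>`), the 60-second window and the threshold of five submissions are assumptions for the example and should be adapted to the Hub's real log format and your normal job volume.

```python
"""Added example (not part of the advisory or KNIME's tooling): apply the
advisory's log and network indicators for CVE-2024-6598 to constructed
log lines. The log layout below is an assumption made for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "<ISO timestamp> <level> user=<u> msg=<text>" layout.
SAMPLE_LOG = """\
2024-07-01T10:00:00 INFO user=alice msg=job submitted id=17
2024-07-01T10:00:01 INFO user=mallory msg=job submitted id=18
2024-07-01T10:00:02 INFO user=mallory msg=job submitted id=19
2024-07-01T10:00:03 INFO user=mallory msg=job submitted id=20
2024-07-01T10:00:04 INFO user=mallory msg=job submitted id=21
2024-07-01T10:00:05 INFO user=mallory msg=job submitted id=22
2024-07-01T10:00:06 WARN user=system msg=queue overflow: internal message queue size 50000
2024-07-01T10:00:07 ERROR user=mallory msg=job execution error id=22
2024-07-01T10:00:08 WARN user=system msg=resource exhaustion: heap usage 97%
2024-07-01T10:05:00 INFO user=bob msg=job submitted id=23
"""

LINE_RE = re.compile(r"^(\S+) (\w+) user=(\S+) msg=(.*)$")
# The three message indicators from the advisory's SIEM query.
MESSAGE_INDICATORS = ("resource exhaustion", "queue overflow", "job execution error")


def parse(log: str):
    """Yield (timestamp, level, user, message) for each line that matches
    the assumed layout; non-matching lines are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts, level, user, msg = m.groups()
            yield datetime.fromisoformat(ts), level, user, msg


def message_hits(log: str) -> list[str]:
    """Messages matching the advisory's log indicators (queue growth,
    job execution errors, resource exhaustion warnings)."""
    return [msg for _, _, _, msg in parse(log)
            if any(ind in msg for ind in MESSAGE_INDICATORS)]


def burst_submitters(log: str, window: timedelta = timedelta(seconds=60),
                     threshold: int = 5) -> dict[str, int]:
    """Users who submit at least `threshold` jobs inside any `window`: the
    advisory's 'increased job execution requests from single users'
    indicator. Returns the peak in-window count per flagged user."""
    times = defaultdict(list)
    for ts, _, user, msg in parse(log):
        if msg.startswith("job submitted"):
            times[user].append(ts)
    flagged: dict[str, int] = {}
    for user, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    for hit in message_hits(SAMPLE_LOG):
        print("indicator:", hit)
    for user, peak in burst_submitters(SAMPLE_LOG).items():
        print(f"burst: {user} submitted {peak} jobs within one window")
```

A burst from one account on its own is a weak signal (a scheduled pipeline can legitimately submit many jobs), so the two checks are best correlated: a burst submitter followed shortly by queue-overflow or resource-exhaustion messages is the pattern this advisory describes, and the account involved is the one to review against the job execution privileges restricted in the workarounds above.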