exploitDog

GHSA-3x45-j72c-xqpj

Опубликовано: 27 июн. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Ссылки

EPSS

Процентиль: 53%

0.003

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-776

Связанные уязвимости

CVE-2024-28982

CVSS3: 7.1

nvd

больше 1 года назад

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

EPSS

Процентиль: 53%

0.003

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-776