exploitDog

GHSA-5w65-7gfr-vxjf

Опубликовано: 13 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.5

Описание

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

Ссылки

EPSS

Процентиль: 32%

0.00123

Низкий

8.5 High

CVSS3

CVE ID

Дефекты

CWE-99

Связанные уязвимости

CVE-2023-3517

CVSS3: 8.5

nvd

около 2 лет назад

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

EPSS

Процентиль: 32%

0.00123

Низкий

8.5 High

CVSS3

CVE ID

Дефекты

CWE-99