Description
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- high
- Weaknesses
- CWE-776CWE-776
Metadata
- Primary Vendor
- HITACHI
- Published
- 6/26/2024
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hitachi : pentaho_business_analytics_serverhitachi : pentaho_business_analytics_server
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.