Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x, do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
History
21 Nov 2024, 09:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.1 |
18 Sep 2024, 14:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hitachi:pentaho_business_analytics_server:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.2 |
First Time | Hitachi pentaho Business Analytics Server; Hitachi | |
References | () https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 - Vendor Advisory |
27 Jun 2024, 12:47
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
26 Jun 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-26 23:15
Updated : 2024-11-21 09:07
NVD link : CVE-2024-28982
Mitre link : CVE-2024-28982
CVE.ORG link : CVE-2024-28982
Products Affected
hitachi
- pentaho_business_analytics_server
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')