Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28982

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Published

2024-06-26T23:15:19.287

Last Modified

2024-11-21T09:07:19.063

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-776
Type: Primary
CWE-776

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	pentaho_business_analytics_server	< 9.3.0.7	Yes
Application	hitachi	pentaho_business_analytics_server	< 10.1.0.0	Yes

References

https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 Vendor Advisory ([email protected])
https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)