← back
CVE-2024-28982

Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

CVSS 7.1 HIGHEPSS 0.4%CWE-776
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected products
Hitachi Vantara · Pentaho Business Analytics Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982