Vulnerabilities > CVE-2024-28982 - XML Entity Expansion vulnerability in Hitachi Pentaho Business Analytics Server

047910
CVSS 8.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
HIGH
network
low complexity
hitachi
CWE-776
NVD
Published: 2024-06-26
Updated: 2024-09-18

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Vulnerable Configurations

Part Description Count
Application
Hitachi
1

Common Weakness Enumeration (CWE)

References