Vulnerabilities > ENG > Spagobi > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-08 | CVE-2014-7296 | Code Injection vulnerability in ENG Spagobi 5.0 The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. | 6.8 |