Vulnerabilities > Pentaho > BI Server > 1.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-13 | CVE-2009-5101 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0. Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | 5.0 |
2011-09-13 | CVE-2009-5100 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0. Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | 2.1 |
2011-09-13 | CVE-2009-5099 | Cross-Site Scripting vulnerability in Pentaho BI Server 1.2.0/1.6.0. Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | 4.3 |