Unrated severity · NVD Advisory · Published Sep 13, 2011 · Updated Jun 16, 2026

CVE-2009-5101

Description

Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.

Affected products

  • Pentaho/Bi Server (4 versions)
    • cpe:2.3:a:pentaho:bi_server:*:*:*:*:*:*:*:* (range: <=1.7.0.1062)
    • cpe:2.3:a:pentaho:bi_server:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pentaho:bi_server:1.6.0:*:*:*:*:*:*:*
    • (no CPE) (range: <=1.7.0.1062)

References

3
