Unrated severityNVD Advisory· Published Oct 8, 2014· Updated Jun 17, 2026
CVE-2014-7296
CVE-2014-7296
Description
The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.
Affected products
2Patches
Vulnerability mechanics
References
2- spagoworld.org/jira/browse/SPAGOBI-1885nvdVendor Advisory
- www.securityfocus.com/bid/70240nvd
News mentions
0No linked articles in our index yet.