Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Aug 2, 2024
Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
CVE-2023-3517
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
Affected products
2<9.5.0.1+ 1 more
- (no CPE)range: <9.5.0.1
- (no CPE)range: 1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.