Unrated severityNVD Advisory· Published Jun 26, 2024· Updated Sep 11, 2024
Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
CVE-2024-28982
Description
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
Affected products
2<10.1.0.0, <9.3.0.7+ 1 more
- (no CPE)range: <10.1.0.0, <9.3.0.7
- (no CPE)range: 1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.