PT-2023-25181 · Hitachi Vantara · Pentaho Data Integration & Analytics

Markus Wulftange · Published 2023-12-12 · Updated 2023-12-18 · CVE-2023-3517

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.5.0.1
Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.3.0.5
Hitachi Vantara Pentaho Data Integration & Analytics version 8.3.x

Description

The issue allows control of system level data sources due to the lack of restriction on JNDI identifiers during the creation of XActions.

Recommendations

For versions prior to 9.5.0.1, update to version 9.5.0.1 or later.
For versions prior to 9.3.0.5, update to version 9.3.0.5 or later.
For version 8.3.x, consider restricting the creation of XActions or disabling the feature until a patch is available.

Fix

Weakness Enumeration

Related identifiers

CVE-2023-3517

Affected products

Pentaho Data Integration & Analytics