PT-2014-7888 · Ow2 · Spagobi

Published: 2014-10-08 · Updated: 2014-10-10 · CVE-2014-7296

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SpagoBI version 5.0.0

Description

The issue concerns the accessibility engine in SpagoBI, where the default configuration does not set FEATURE_SECURE_PROCESSING. This allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.

Recommendations

For SpagoBI version 5.0.0, consider setting the FEATURE_SECURE_PROCESSING feature to prevent the execution of arbitrary Java code. As a temporary workaround, restrict access to the accessibility engine until a proper configuration or patch is available.
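
The recommended setting, shown as an added example (not SpagoBI's own code): a JAXP `TransformerFactory` with `XMLConstants.FEATURE_SECURE_PROCESSING` enabled, checked against a constructed stylesheet that makes a harmless Java extension call. The class and method names are hypothetical, and the example assumes the JDK's built-in XSLT processor.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

// Hypothetical class name; illustrates the JAXP setting, not SpagoBI's code.
public class SecureXsltExample {

    // Constructed sample: a stylesheet that calls into a Java class through the
    // Java extension namespace (here only the java.util.Date constructor).
    static final String XSL_WITH_JAVA_EXTENSION =
        "<xsl:stylesheet version='1.0'"
      + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
      + " xmlns:date='http://xml.apache.org/xalan/java/java.util.Date'>"
      + "<xsl:template match='/'>"
      + "<out><xsl:value-of select='date:new()'/></out>"
      + "</xsl:template></xsl:stylesheet>";

    // Factory with the feature the advisory says the default configuration omits.
    static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory factory = TransformerFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return factory;
    }

    // Returns true if the stylesheet was refused, false if it compiled and ran.
    static boolean isRejected(TransformerFactory factory, String xsl) {
        try {
            Transformer t = factory.newTransformer(new StreamSource(new StringReader(xsl)));
            t.transform(new StreamSource(new StringReader("<doc/>")),
                        new StreamResult(new StringWriter()));
            return false;
        } catch (TransformerException | RuntimeException e) {
            // Refused either when the stylesheet is compiled or when it is applied.
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        boolean rejected = isRejected(hardenedFactory(), XSL_WITH_JAVA_EXTENSION);
        System.out.println("Java extension call rejected: " + rejected);
        if (!rejected) throw new IllegalStateException("secure processing not effective");
    }
}
```

A check like `isRejected` can run as a regression test, so that a swapped XSLT processor or a configuration change that drops the feature is caught before deployment.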

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2014-7296

Affected Products

Spagobi