PT-2021-11057 · Hitachi Vantara · Pentaho

Andrej Šimko · Published 2021-01-29 · Updated 2021-02-04 · CVE-2020-24665

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:
Hitachi Vantara Pentaho versions 7.x through 8.x before 7.1.0.25
Hitachi Vantara Pentaho versions 8.x before 8.2.0.6
Hitachi Vantara Pentaho versions 8.3.0.0 before GA
Description: The Dashboard Editor in Hitachi Vantara Pentaho contains an XML Entity Expansion injection issue, allowing authenticated remote users to trigger a denial of service condition. The vulnerability is specifically related to the dashboardXml parameter.
Recommendations: For Hitachi Vantara Pentaho versions 7.x, update to version 7.1.0.25 or later. For Hitachi Vantara Pentaho versions 8.x before 8.2.0.6, update to version 8.2.0.6 or later. For Hitachi Vantara Pentaho versions 8.3.0.0 before GA, update to the GA version or later. As a temporary workaround, consider restricting access to the dashboardXml parameter to minimize the risk of exploitation.
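As an added illustration of the defensive control this advisory calls for (example code written here, not Pentaho's own, and in Python rather than Pentaho's Java): a gate that refuses any XML document declaring a DOCTYPE, and therefore any entity, before the document reaches a full parser. The dashboard documents, element names and the external DTD URL below are constructed for the example.

```python
"""Refuse XML carrying a DTD before it reaches a full parser.
Illustrative defender-side check, not Pentaho code."""
import xml.parsers.expat
from xml.etree import ElementTree as ET


class UnsafeXmlError(ValueError):
    """Raised when the document declares a DOCTYPE or an entity."""


def check_no_dtd(xml_text: str) -> None:
    """Stream the document through expat and abort at the first DOCTYPE or
    entity declaration. Entity expansion needs a DTD to define the entities,
    so refusing the DTD outright closes the expansion vector. A malformed
    document raises xml.parsers.expat.ExpatError instead."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires at "<!DOCTYPE", before any entity in the subset is seen.
        raise UnsafeXmlError(f"DOCTYPE declaration rejected (root {name!r})")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Defence in depth: not reachable while the DOCTYPE handler is set.
        raise UnsafeXmlError(f"entity declaration rejected ({name!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_text, True)  # an exception raised in a handler propagates


def is_safe_dashboard_xml(xml_text: str) -> bool:
    """True when the document is well-formed and carries no DTD."""
    try:
        check_no_dtd(xml_text)
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return False
    return True


def load_dashboard(xml_text: str) -> ET.Element:
    """Gate first, then parse: the caller gets a tree or an exception,
    never a silently expanded document."""
    check_no_dtd(xml_text)
    return ET.fromstring(xml_text)


# Constructed sample inputs, not taken from Pentaho.
BENIGN_DASHBOARD = """<?xml version="1.0"?>
<dashboard name="sales">
  <widget id="1" type="chart"/>
  <widget id="2" type="table"/>
</dashboard>"""

# Internal subset with a single entity: enough to exercise the gate.
INTERNAL_DTD_DASHBOARD = """<?xml version="1.0"?>
<!DOCTYPE dashboard [ <!ENTITY pad "x"> ]>
<dashboard name="&pad;"/>"""

# External DTD reference: also refused; the parser never fetches it.
EXTERNAL_DTD_DASHBOARD = """<?xml version="1.0"?>
<!DOCTYPE dashboard SYSTEM "http://example.invalid/dashboard.dtd">
<dashboard name="sales"/>"""

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_DASHBOARD),
                       ("internal DTD", INTERNAL_DTD_DASHBOARD),
                       ("external DTD", EXTERNAL_DTD_DASHBOARD)]:
        print(f"{label:13s} safe={is_safe_dashboard_xml(doc)}")
    root = load_dashboard(BENIGN_DASHBOARD)
    print("widgets:", len(root.findall("widget")))
```

Rejecting the DOCTYPE at the stream level means the decision is taken before any entity text is materialised, so the check itself costs no more than reading the input once; a Java service would express the same policy with the parser feature that disallows DOCTYPE declarations.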

Fix

Weakness Enumeration: XML Entity Expansion

Related Identifiers: CVE-2020-24665

Affected Products: Pentaho