PT-2021-11062 · Hitachi Vantara · Pentaho
Andrej Å Imko
·
Published
2021-01-29
·
Updated
2021-02-04
·
CVE-2020-24670
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Hitachi Vantara Pentaho versions 7.x through 8.x
Description:
The Dashboard Editor in Hitachi Vantara Pentaho contains a reflected Cross-site scripting issue, allowing authenticated remote users to execute arbitrary JavaScript code. The vulnerability is specifically located in the
type attribute of the dashboardXml parameter.Recommendations:
For versions prior to 7.1.0.25, update to version 7.1.0.25 or later.
For versions prior to 8.2.0.6, update to version 8.2.0.6 or later.
For versions prior to 8.3.0.0 GA, update to version 8.3.0.0 GA or later.
As a temporary workaround, consider restricting access to the Dashboard Editor until a patch is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pentaho