CVE-2023-3517
8.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration & Analytics | 1.0 < 9.3.0.5 | affected |
| Hitachi Vantara | Pentaho Data Integration & Analytics | 9.4.0.0 < 9.5.0.1 | affected |
Weaknesses
- CWE-99: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.