CVE-2023-3517

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Data Integration & Analytics1.0 < 9.3.0.5affected
Hitachi VantaraPentaho Data Integration & Analytics9.4.0.0 < 9.5.0.1affected

Weaknesses

  • CWE-99: CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

ADP Enrichment

CVE Program Container

Additional References

References