CVE-2024-28982

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Business Analytics Server1.0 < 9.3.0.7affected
Hitachi VantaraPentaho Business Analytics Server8.3 < 10.1.0.0affected

Weaknesses

  • CWE-776: CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References