HIGH🇬🇧 English

CVE-2023-3517

CVSS 8.5v3.1pub. 2023-12-12upd. 2024-11-21

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
  • Hitachi Pentaho Data Integration And Analytics

    APP
    Hitachi
    1.0 – 9.3.0.5 (bez)9.4.0.0 – 9.5.0.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-11159CRITICAL9.1PL ✓ten sam vendor

Hitachi Vantara Pentaho – RCE przez podatny sterownik JDBC H2

CVE-2025-11158CRITICAL9.1PL ✓ten sam vendor

RCE przez brak restrykcji skryptów Groovy w raportach PRPT — Pentaho

CVE-2023-34142CRITICAL9.0ten sam vendor

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Dev...

CVE-2022-41552CRITICAL9.8ten sam vendor

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Ce...

CVE-2022-34882CRITICAL9.0ten sam vendor

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapte...