admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-289xx/CVE-2024-28982.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

126 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-28982",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2024-06-26T23:15:19.287",
"lastModified": "2024-11-21T09:07:19.063",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference."
},
{
"lang": "es",
"value": " Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 10.1.0.0 y 9.3.0.7, incluida 8.3.x, no protegen correctamente el endpoint del servicio ACL de Pentaho User Console contra la referencia de entidad externa XML."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:pentaho_business_analytics_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "9.3.0.7",
"matchCriteriaId": "9A2AC542-B90F-4FF4-A92E-9D6B16CFC68D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:pentaho_business_analytics_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.1.0",
"versionEndExcluding": "10.1.0.0",
"matchCriteriaId": "BBB989D9-613E-472B-9F38-DF5C9F19873C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982",
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink