CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6940

The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.3%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2015-6940

Pentaho » Business Analytics » Version: 4.5

cpe:2.3:a:pentaho:business_analytics:4.5
Pentaho » Business Analytics » Version: 4.8

cpe:2.3:a:pentaho:business_analytics:4.8
Pentaho » Business Analytics » Version: 5.0

cpe:2.3:a:pentaho:business_analytics:5.0
Pentaho » Business Analytics » Version: 5.1

cpe:2.3:a:pentaho:business_analytics:5.1
Pentaho » Business Analytics » Version: 5.2

cpe:2.3:a:pentaho:business_analytics:5.2
Pentaho » Data Integration » Version: 4.3

cpe:2.3:a:pentaho:data_integration:4.3
Pentaho » Data Integration » Version: 4.4

cpe:2.3:a:pentaho:data_integration:4.4
Pentaho » Data Integration » Version: 5.0

cpe:2.3:a:pentaho:data_integration:5.0
Pentaho » Data Integration » Version: 5.1

cpe:2.3:a:pentaho:data_integration:5.1
Pentaho » Data Integration » Version: 5.2

cpe:2.3:a:pentaho:data_integration:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6940

Products

Pricing

Contact Us