CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24665

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.1%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com
http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com

Products affected by CVE-2020-24665

Hitachi » Vantara Pentaho » Version: 7.0.0

cpe:2.3:a:hitachi:vantara_pentaho:7.0.0
Hitachi » Vantara Pentaho » Version: 8.0.0

cpe:2.3:a:hitachi:vantara_pentaho:8.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24665

Products

Pricing

Contact Us