CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com
http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com

Products affected by CVE-2020-24670

Hitachi » Vantara Pentaho » Version: 7.0.0

cpe:2.3:a:hitachi:vantara_pentaho:7.0.0
Hitachi » Vantara Pentaho » Version: 8.0.0

cpe:2.3:a:hitachi:vantara_pentaho:8.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24670

Products

Pricing

Contact Us