CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3517

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.5%

CVSS Severity

CVSS v3 Score 8.5

References

https://support.pentaho.com/hc/en-us/articles/19668665099533
https://support.pentaho.com/hc/en-us/articles/19668665099533

Products affected by CVE-2023-3517

Hitachi » Pentaho Data Integration And Analytics » Version: 1.0

cpe:2.3:a:hitachi:pentaho_data_integration_and_analytics:1.0
Hitachi » Pentaho Data Integration And Analytics » Version: 9.4.0.0

cpe:2.3:a:hitachi:pentaho_data_integration_and_analytics:9.4.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3517

Products

Pricing

Contact Us