Vulnerability Details CVE-2024-28983
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 8.8
References
- https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983
- https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983
Products affected by CVE-2024-28983
-
cpe:2.3:a:hitachi:pentaho_business_analytics_server:8.3.0
-
cpe:2.3:a:hitachi:pentaho_business_analytics_server:9.3.1.0