First published: Fri Jan 29 2021
The Dashboard Editor in Hitachi Vantara Pentaho versions 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachi Vantara Pentaho | >=7.0.0 <7.1.0.25 | |
Hitachi Vantara Pentaho | >=8.0.0 <8.2.0.6 | |
The vulnerability ID for this Hitachi Vantara Pentaho vulnerability is CVE-2020-24665.
The severity of CVE-2020-24665 is medium with a CVSS score of 6.5.
The affected software for CVE-2020-24665 is Hitachi Vantara Pentaho versions 7.x - 8.x.
CVE-2020-24665 is an XML Entity Expansion injection vulnerability in the Dashboard Editor of Hitachi Vantara Pentaho, allowing authenticated remote users to trigger a denial of service (DoS) condition.
To mitigate the CVE-2020-24665 vulnerability, update to a version of Hitachi Vantara Pentaho that is above 8.2.0.6 or 7.1.0.25 depending on your version.
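For code of your own that accepts XML in a request parameter, the usual defence against this class of bug is to refuse any document that declares entities. The sketch below is an added example, not Pentaho's fix (which this page does not describe); it uses Python's expat binding as a stand-in parser, and the function name, size cap and sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

MAX_BYTES = 1_000_000  # assumed cap on submitted XML size


class EntityDeclarationRejected(ValueError):
    """The document declares an entity in its DTD."""


def parse_untrusted_xml(data: bytes) -> str:
    """Check well-formedness and return the root element name.

    Any entity declaration aborts the parse at the declaration itself,
    so no entity is ever expanded.
    """
    if len(data) > MAX_BYTES:
        raise ValueError("document too large")
    root = []
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntityDeclarationRejected(f"entity declaration refused: {name}")

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"not well-formed: {exc}") from exc
    return root[0]


# Constructed sample documents; element names are illustrative only.
PLAIN = b"<dashboard><title>Sales</title></dashboard>"
WITH_ENTITY = (b'<!DOCTYPE dashboard [<!ENTITY label "Sales">]>'
               b"<dashboard><title>&label;</title></dashboard>")

if __name__ == "__main__":
    for doc in (PLAIN, WITH_ENTITY):
        try:
            print("accepted, root =", parse_untrusted_xml(doc))
        except ValueError as exc:
            print("rejected:", exc)
```

Rejecting at the declaration means the check does not depend on how many times, or how deeply, an entity would later be referenced.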