Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pentaho BI Server信息泄露漏洞
Vulnerability Description
Pentaho BI Server由一个BI框架和BI组件组成,运行于兼容J2EE的容器中,包含用于报表,分析,仪表盘,用户终端安全,数据整合,调度,email和桌面通知以及工作流的引擎和组件。 Pentaho BI Server 1.7.0.1062及之前版本包含了URL中的会话ID(JSESSIONID)。攻击者可利用该漏洞获取会话历史记录,引用头或者web流量嗅探中的会话ID。
CVSS Information
N/A
Vulnerability Type
N/A