Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Engineering SpagoBI 代码注入漏洞
Vulnerability Description
Engineering SpagoBI是意大利Engineering集团公司的一款开源的基于J2EE框架的商业智能套件。该套件主要用于管理BI对象,如报表、记分卡以及数据挖掘模型等,并可通过BI管理器控制、校验、验证与分发这些BI对象。 Engineering SpagoBI 5.0.0版本的accessibility引擎的默认配置中存在安全漏洞,该漏洞源于程序没有设置FEATURE_SECURE_PROCESSING。远程攻击者可借助特制的XSL文档利用该漏洞执行任意Java代码。
CVSS Information
N/A
Vulnerability Type
N/A