Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pentaho Business Analytics和Pentaho Data Integration 信息泄露漏洞
Vulnerability Description
Pentaho Business Analytics(BA)和Pentaho Data Integration(PDI)都是美国Pentaho公司的产品。BA是一套开源的提供了数据集成、OLAP服务、报告、仪表板、数据挖掘和ETL功能的业务智能(BI)系统。PDI是一套通过可视化工具获取所有数据源的大数据来创建业务完整结构的平台。 Pentaho BA Suite和PDI Suite的GetResource servlet中存在安全漏洞,该漏洞源于程序没有正确限制访问pentaho-solutions/s
CVSS Information
N/A
Vulnerability Type
N/A