Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Vulnerability Description
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
静态存储代码中指令转义处理不恰当(静态代码注入)
Vulnerability Title
Hitachi Vantara Pentaho Business Analytics Server 代码注入漏洞
Vulnerability Description
Hitachi Vantara Pentaho Business Analytics Server是日本日立制作所(Hitachi)公司的一个现代数据混合、集成和业务分析平台。 Hitachi Vantara Pentaho Business Analytics Server 9.4.0.1之前版本存在安全漏洞,该漏洞源于不允许系统管理员通过JVM脚本管理器禁用脚本功能。
CVSS Information
N/A
Vulnerability Type
N/A