Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
Vulnerability Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Vulnerability Type
对资源描述符的控制不恰当(资源注入)
Vulnerability Title
Hitachi Vantara Pentaho Data Integration & Analytics 其他漏洞
Vulnerability Description
Hitachi Vantara Pentaho Data Integration & Analytics是日本日立制作所(Hitachi)公司的一个数据集成与分析系统。 Hitachi Vantara Pentaho Data Integration & Analytics 9.5.0.1之前版本、9.3.0.5之前版本、8.3.x版本存在安全漏洞,该漏洞源于在创建XAction期间不限制JNDI标识符,从而允许控制系统级数据源。
CVSS Information
N/A
Vulnerability Type
N/A