CVE-2024-28983
Published 2024-06-26
Priority: P4 (28), medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.29% (20.9th percentile)
Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 and 9.3.0.7, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi | pentaho_business_analytics_server | >= 8.3.0 < 9.3.0.7 | 9.3.0.7 |
| hitachi | pentaho_business_analytics_server | >= 9.3.1.0 < 10.1.0.0 | 10.1.0.0 |
| hitachi_vantara | pentaho_business_analytics_server | >= 1.0 < 9.3.0.7 | 9.3.0.7 |
| hitachi_vantara | pentaho_business_analytics_server | >= 8.3 < 10.1.0.0 | 10.1.0.0 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983
Published: 2024-06-26