1 results (0.003 seconds)
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0
CVE-2023-3517 – Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
https://notcve.org/view.php?id=CVE-2023-3517
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. Las versiones de Hitachi Vantara Pentaho Data Integration & Analytics anteriores a 9.5.0.1 y 9.3.0.5, incluida 8.3.x, no restringen los identificadores JNDI durante la creación de XActions, lo que permite el control de las fuentes de datos a nivel del sistema. • https://support.pentaho.com/hc/en-us/articles/19668665099533 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •