CVE-2020-24669
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
El New Analysis Report en Hitachi Vantara Pentaho versiones hasta 7.x - 8.x, contiene una vulnerabilidad de tipo Cross-site scripting basada en DOM, que permite a usuarios remotos autenticados ejecutar código JavaScript arbitrario. Específicamente, la vulnerabilidad se encuentra en el campo "Analysis Report Description" en la sección "About this Report". Corregido en versiones posteriores a 8.3.0.9 incluyéndola, versiones posteriores a 9.0.0.1 incluyéndola y versiones posteriores a 9.1.0.0 GA incluyéndola
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-26 CVE Reserved
- 2021-01-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.accenture.com | Not Applicable |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.hitachi.com/hirt/hitachi-sec/2020/601.html | 2021-02-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hitachi Search vendor "Hitachi" | Vantara Pentaho Search vendor "Hitachi" for product "Vantara Pentaho" | >= 7.0.0 < 8.3.0.9 Search vendor "Hitachi" for product "Vantara Pentaho" and version " >= 7.0.0 < 8.3.0.9" | - |
Affected
| ||||||
Hitachi Search vendor "Hitachi" | Vantara Pentaho Search vendor "Hitachi" for product "Vantara Pentaho" | >= 9.0.0 < 9.0.0.1 Search vendor "Hitachi" for product "Vantara Pentaho" and version " >= 9.0.0 < 9.0.0.1" | - |
Affected
|