Lucene search

CVE-2024-28984

🗓️ 26 Jun 2024 23:19:15Reported by HITVANType

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7 allow injection of content via malicious URLs

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
nvd	CVE-2024-28984	26 Jun 202423:15	–	nvd
cvelist	CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	26 Jun 202422:41	–	cvelist
vulnrichment	CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	26 Jun 202422:41	–	vulnrichment

Nvd

Node

hitachi pentaho_business_analytics_serverRange<9.3.0.7

hitachi pentaho_business_analytics_serverRange9.3.1.0–10.1.0.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "9.3.0.7",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "10.1.0.0",
        "status": "affected",
        "version": "8.3",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/27569319605901-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28984

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jun 2024 23:15Current

7.3High risk

Vulners AI Score7.3

CVSS36.1 - 8.8

EPSS0.00167

SSVC

CWE-79