CVE-2014-7296

2014-10-0819:00:00

mitre

www.cve.org

7.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.

References

spagoworld.org/jira/browse/SPAGOBI-1885

www.securityfocus.com/bid/70240