CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and earlier is affected by CVE-2009-5101 due to including the JSESSIONID in the URL. The session ID can be obtained from session history, Referer headers, or by sniffing web traffic, enabling an attacker to hijack a user session. The CVSS base score is 5.0 (Medium) wi...