CVE-2014-7296
CVE-2014-7296 affects SpagoBI 5.0.0: the accessibility engine’s default config does not enable FEATURE_SECURE_PROCESSING, allowing remote authenticated users to execute arbitrary Java code through a crafted XSL document. Impact is code execution with partial confidentiality/integrity/availability...