2 matches found
CVE-2015-6940
The GetResource servlet in Pentaho Business Analytics BA Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration PDI Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain...
CVE-2015-6940
CVE-2015-6940 affects Pentaho BA Suite (4.5.x, 4.8.x, 5.0.x–5.2.x) and PDI Suite (4.3.x–5.2.x); the GetResource servlet does not restrict access to pentaho-solutions/system, enabling remote attackers to retrieve passwords and other sensitive info via a resource parameter. Impact is information di...