3 matches found
CVE-2021-45448
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
CVE-2021-45448 Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
CVE-2021-45448
Pentaho CVE-2021-45448 affects Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 when using the Pentaho Analyzer plugin. A service endpoint for templates accepts a user-supplied path and fails to neutralize path traversal characters, allowing an attacker to access resources o...