CVE-2015-6940
CVE-2015-6940 affects Pentaho BA Suite (4.5.x, 4.8.x, 5.0.x–5.2.x) and PDI Suite (4.3.x–5.2.x); the GetResource servlet does not restrict access to pentaho-solutions/system, enabling remote attackers to retrieve passwords and other sensitive info via a resource parameter. Impact is information di...