CVE-2020-24669
Summary
| CVE | CVE-2020-24669 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-29 19:15:00 UTC |
| Updated | 2021-02-04 16:24:00 UTC |
| Description | The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hitachi | Vantara Pentaho | All | All | All | All |
| Application | Hitachi | Vantara Pentaho | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Accenture | Let there be change | MISC | www.accenture.com | Not Applicable |
| hitachi-sec-2020-601Multiple Vulnerabilities in Pentaho : Hitachi Incident Response Team : Hitachi | MISC | www.hitachi.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.