CVE-2020-24669

EUVD-2020-17383
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
hitachivantara_pentaho
7.0.0 ≤
𝑥
< 8.3.0.9
hitachivantara_pentaho
9.0.0 ≤
𝑥
< 9.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com
http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
https://www.accenture.com