DOM-Based Cross-Site Scripting Vulnerability in Hitachi Vantara Pentaho
CVE-2020-24669

5.4MEDIUM

Key Information:

Vendor: Hitachi
Status: Vantara Pentaho
Vendor: CVE Published:; 29 January 2021

What is CVE-2020-24669?

Hitachi Vantara Pentaho versions 7.x through 8.x are susceptible to a DOM-based cross-site scripting (XSS) vulnerability. This issue allows authenticated remote users to inject and execute arbitrary JavaScript code through the 'Analysis Report Description' field found in the 'About this Report' section. The vulnerability has been remediated in versions 8.3.0.9, 9.0.0.1, and 9.1.0.0 GA, emphasizing the importance for users to update their installations to ensure system security.

References

https://www.accenture.com

x_refsource_MISC

http://www.hitachi.com/hirt/hitachi-sec/2020/601.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Aug 26, 2020