Pentaho BI Server 1.7.0.1062 and previous versions include the session ID (JSESSIONID) in the URL, which allows malicious users to obtain it from session history, referer headers, or sniffing of web traffic.
Vulnerable Product |
---|
pentaho bi server 1.2.0 |
pentaho bi server 1.6.0 |
pentaho bi server |
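
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or of Pentaho's code: it scans web access logs in Combined Log Format for `;jsessionid=` in the request target or the Referer field, and redacts the value in its findings so the report does not leak it again. The log lines, host names and paths are constructed, and the function names are hypothetical.

```python
import re

# URL-rewriting form of a servlet session ID: ";jsessionid=<token>"
JSESSIONID_RE = re.compile(r";jsessionid=([0-9A-Za-z.\-_!]+)", re.IGNORECASE)

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def redact(text):
    """Replace any session ID value so the finding itself does not expose it."""
    return JSESSIONID_RE.sub(";jsessionid=[REDACTED]", text)


def find_url_session_ids(lines):
    """Return one finding per log field (request target or Referer) carrying a session ID."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        for field in ("target", "referer"):
            value = m.group(field)
            if JSESSIONID_RE.search(value):
                findings.append({
                    "line": lineno,
                    "client": m.group("host"),
                    "field": field,
                    "value": redact(value),
                })
    return findings


# Constructed sample log lines (hosts, paths and session IDs are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/Home;jsessionid=A1B2C3D4E5F60718 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /app/report?id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /static/logo.png HTTP/1.1" 200 900 "http://bi.example.test/app/Home;jsessionid=A1B2C3D4E5F60718?tab=1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_url_session_ids(SAMPLE_LOG):
        print(finding)
```

A hit in the `referer` field means the session ID has already been sent to whichever server logged that request, so the affected session should be invalidated rather than only noted.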