The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x up to and including 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x up to and including 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote malicious users to obtain passwords and other sensitive information via a file name in the resource parameter.
Vulnerable Product |
---|
pentaho data integration 4.3 |
pentaho data integration 5.1 |
pentaho data integration 5.2 |
pentaho data integration 4.4 |
pentaho data integration 5.0 |
pentaho business analytics 4.8 |
pentaho business analytics 5.0 |
pentaho business analytics 4.5 |
pentaho business analytics 5.1 |
pentaho business analytics 5.2 |