Test Kennung:	1.3.6.1.4.1.25623.1.0.902568
Kategorie:	Web Servers
Titel:	Pentaho BI Server Multiple Vulnerabilities
Zusammenfassung:	Pentaho BI Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Pentaho BI Server is prone to multiple vulnerabilities. Vulnerability Insight: - Input passed via the 'outputType' parameter to ViewAction is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - Password field with autocomplete enabled, which might allow physically proximate attackers to obtain the password. - Disclosure of session ID (JSESSIONID) in URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or obtain sensitive information. Affected Software/OS: Pentaho BI Server version 1.7.0.1062 and prior. Solution: Upgrade to Pentaho BI Server 3.5.0 GA or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5099 Bugtraq: 20091013 [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/507168/100/0/threaded http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/ http://secunia.com/advisories/37024 http://www.vupen.com/english/advisories/2009/2972 Common Vulnerability Exposure (CVE) ID: CVE-2009-5100 Common Vulnerability Exposure (CVE) ID: CVE-2009-5101
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.