CVE-2009-5101

Exploit

EPSS 0.29%
Veröffentlicht 13.09.2011 19:59:26
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pentaho ≫ Bi Server Version <= 1.7.0.1062

Pentaho ≫ Bi Server Version1.2.0

Pentaho ≫ Bi Server Version1.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.495

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/

Exploit

http://www.securityfocus.com/archive/1/507168/100/0/threaded

http://jira.pentaho.com/browse/BISERVER-3245

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-5101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-5101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-5101

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2009-5101