ID de Prueba:	1.3.6.1.4.1.25623.1.0.902568
Categoría:	Web Servers
Título:	Pentaho BI Server Multiple Vulnerabilities
Resumen:	The host is running Pentaho BI Server and is prone to multiple; vulnerabilities.
Descripción:	Summary: The host is running Pentaho BI Server and is prone to multiple vulnerabilities. Vulnerability Insight: - Input passed via the 'outputType' parameter to ViewAction is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - Password field with autocomplete enabled, which might allow physically proximate attackers to obtain the password. - Disclosure of session ID (JSESSIONID) in URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or obtain sensitive information. Affected Software/OS: Pentaho BI Server version 1.7.0.1062 and prior. Solution: Upgrade to Pentaho BI Server 3.5.0 GA or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5099 Bugtraq: 20091013 [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/507168/100/0/threaded http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/ http://secunia.com/advisories/37024 http://www.vupen.com/english/advisories/2009/2972 Common Vulnerability Exposure (CVE) ID: CVE-2009-5100 Common Vulnerability Exposure (CVE) ID: CVE-2009-5101
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.