Details of VAR-202101-0207

ID

VAR-202101-0207

CVE

CVE-2020-24669

TITLE

Hitachi Vantara Pentaho Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-2557

DESCRIPTION

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA

Trust: 0.99

sources: NVD: CVE-2020-24669 // VULMON: CVE-2020-24669

AFFECTED PRODUCTS

vendor:	hitachi	model:	vantara pentaho	scope:	lt	version:	8.3.0.9	Trust: 1.0
vendor:	hitachi	model:	vantara pentaho	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	hitachi	model:	vantara pentaho	scope:	lt	version:	9.0.0.1	Trust: 1.0
vendor:	hitachi	model:	vantara pentaho	scope:	gte	version:	7.0.0	Trust: 1.0

sources: NVD: CVE-2020-24669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24669
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202101-2557
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-24669
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-24669
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2020-24669
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2020-24669 // CNNVD: CNNVD-202101-2557 // NVD: CVE-2020-24669

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2020-24669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2557

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202101-2557

PATCH

title:

Hitachi Vantara Pentaho Fixes for cross-site scripting vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140138

Trust: 0.6

sources: CNNVD: CNNVD-202101-2557

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24669	Trust: 1.7
db:	CNNVD	id:	CNNVD-202101-2557	Trust: 0.6
db:	VULMON	id:	CVE-2020-24669	Trust: 0.1

sources: VULMON: CVE-2020-24669 // CNNVD: CNNVD-202101-2557 // NVD: CVE-2020-24669

REFERENCES

url:	http://www.hitachi.com/hirt/hitachi-sec/2020/601.html	Trust: 1.7
url:	https://www.accenture.com	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24669	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195831	Trust: 0.1

sources: VULMON: CVE-2020-24669 // CNNVD: CNNVD-202101-2557 // NVD: CVE-2020-24669

SOURCES

db:	VULMON	id:	CVE-2020-24669
db:	CNNVD	id:	CNNVD-202101-2557
db:	NVD	id:	CVE-2020-24669

LAST UPDATE DATE

2024-11-23T22:58:05.183000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-24669	date:	2021-02-04T00:00:00
db:	CNNVD	id:	CNNVD-202101-2557	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-24669	date:	2024-11-21T05:15:36.727

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-24669	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-2557	date:	2021-01-29T00:00:00
db:	NVD	id:	CVE-2020-24669	date:	2021-01-29T19:15:13.100