ID de Prueba:	1.3.6.1.4.1.25623.1.0.808208
Categoría:	Web application abuses
Título:	Pentaho Business Analytics Information Disclosure Vulnerability - Active Check
Resumen:	Pentaho Business Analytics is prone to an information; disclosure vulnerability.
Descripción:	Summary: Pentaho Business Analytics is prone to an information disclosure vulnerability. Vulnerability Insight: The flaw is due to the GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords. Vulnerability Impact: Successful exploitation will allow unauthenticated access to properties files in the system solution which include properties files containing passwords. Affected Software/OS: Versions 4.5.x, 4.8.x, 5.0.x, 5.1.x and 5.2.x. Solution: Apply the patch from the referenced advisory. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6940 Bugtraq: 20150916 Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files (Google Search) http://www.securityfocus.com/archive/1/536477/100/0/threaded http://packetstormsecurity.com/files/133601/Pentaho-5.2.x-BA-Suite-PDI-Information-Disclosure.html
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.