May 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Poseidon Stealer Malware Threatens Mac Users Through Google Ads – Active IOCs
July 1, 2024
Microsoft Warns of More Customers’ Emails Stolen by APT29
July 1, 2024
Poseidon Stealer Malware Threatens Mac Users Through Google Ads – Active IOCs
July 1, 2024
Microsoft Warns of More Customers’ Emails Stolen by APT29
July 1, 2024
Severity
High
Analysis Summary
CVE-2024-28984
HitachiVantara Pentaho Business Analytics Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Analyzer plugin interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-28984
Affected Vendors
Hitachi
Affected Products
- Hitachi Vantara Pentaho Data Integration & Analytics 10.1.0.0
- Hitachi Vantara Pentaho Data Integration & Analytics 9.3.0.6
Remediation
Upgrade to the latest version of Vantara Pentaho Data Integration & Analytics, available from the Hitachi Vantara Website.
