How severe is CVE-2024-5706?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-5706?

This is classified as CWE-99, which is a common weakness in software security.

CVE-2024-5706 - HIGH Severity | CVSS 8.8

Vulnerability Description

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers during the creation of Community Dashboards, allowing control of system-level data sources. An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users.

Related Vulnerabilities

CVE-2021-22879

HIGH

CVSS:8.8(High)

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for...

CWE-992021

CVE-2023-2980

HIGH

CVSS:8.8(High)

A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper contr...

CWE-992023

CVE-2023-3517

HIGH

CVSS:8.8(High)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system...

CWE-992023

CVE-2024-4294

HIGH

CVSS:8.8(High)

A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-...

CWE-992024

CVE-2024-4817

MEDIUM

CVSS:8.8(High)

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP R...

CWE-992024

CVE-2022-3774

CRITICAL

CVSS:9.1(Critical)

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. Th...

CWE-992022