National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2015-6940

Change History

Modified Analysis - 9/23/2015 3:14:45 PM

Action Type Old Value New Value
Changed Reference Type
http://packetstormsecurity.com/files/133601/Pentaho-5.2.x-BA-Suite-PDI-Information-Disclosure.html No Types Assigned
http://packetstormsecurity.com/files/133601/Pentaho-5.2.x-BA-Suite-PDI-Information-Disclosure.html Exploit
Changed Reference Type
http://www.securityfocus.com/archive/1/archive/1/536477/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/archive/1/536477/100/0/threaded Exploit
Changed Reference Type
https://support.pentaho.com/entries/78884125-Security-Vulnerability-Announcement-Feb-2015 No Types Assigned
https://support.pentaho.com/entries/78884125-Security-Vulnerability-Announcement-Feb-2015 Advisory, Patch
Added CWE
CWE-200
Added CVSS V2
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:pentaho:data_integration:4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:data_integration:4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:data_integration:5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:data_integration:5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:data_integration:5.2:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:pentaho:business_analytics:4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:business_analytics:4.8:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:business_analytics:5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:business_analytics:5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:pentaho:business_analytics:5.2:*:*:*:*:*:*:*