This page lists publicly disclosed CVE vulnerabilities affecting pentaho bi_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-5101 | Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | [email protected] | 5.0 | 0.29% | 2011-09-13 | 2026-04-29 |
| CVE-2009-5100 | Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | [email protected] | 2.1 | 0.09% | 2011-09-13 | 2026-04-29 |
| CVE-2009-5099 | Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | [email protected] | 4.3 | 0.37% | 2011-09-13 | 2026-04-29 |