Every CVE whose affected-product data names Pentaho Bi Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2009-5101 — CVSS 5.0 (medium): Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session…
CVE-2009-5099 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject…
CVE-2009-5100 — CVSS 2.1 (low): Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow…