Full title: Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability 
Category: web applications
Platform: java
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege authenticated users to list the connection details of all data sources used by Pentaho.

# 0day.today @ http://0day.today/