Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics up to and including 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Hitachi Vantara Pentaho
6.8
CVSSv2
CVE-2016-10701
In Hitachi Vantara Pentaho BA Platform up to and including 8.0, a CSRF issue exists in the Business Analytics application.
Hitachivantara Pentaho Business Analytics
6.5
CVSSv2
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
6.5
CVSSv2
CVE-2021-31599
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
5
CVSSv2
CVE-2021-31602
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicat...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
1 Github repository
4
CVSSv2
CVE-2021-31600
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
4
CVSSv2
CVE-2021-31601
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
4
CVSSv2
CVE-2020-24665
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'das...
Hitachi Vantara Pentaho
3.5
CVSSv2
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title'...
Hitachi Vantara Pentaho
3.5
CVSSv2
CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name'...
Hitachi Vantara Pentaho
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »