Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho business analytics server vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.
Hitachivantara Pentaho Business Analytics
Hitachivantara Pentaho Business Analytics 8.3.0.0
4.3
CVSSv3
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
8.8
CVSSv3
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
6.1
CVSSv3
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
Hitachivantara Pentaho Business Analytics
8.1
CVSSv3
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.
Hitachivantara Pentaho Business Analytics
6.5
CVSSv3
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Hitachi Vantara Pentaho Business Analytics Server
6.5
CVSSv3
CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
Hitachi Vantara Pentaho Business Analytics Server
6.3
CVSSv3
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
4.3
CVSSv3
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Hitachi Vantara Pentaho Business Analytics Server
8.8
CVSSv3
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »