Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho business analytics server vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics up to and including 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Hitachi Vantara Pentaho
580
VMScore
CVE-2021-31599
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
580
VMScore
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
445
VMScore
CVE-2021-31602
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicat...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
1 Github repository
357
VMScore
CVE-2021-31600
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
357
VMScore
CVE-2021-31601
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
NA
CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.
Hitachivantara Pentaho Business Analytics
Hitachivantara Pentaho Business Analytics 8.3.0.0
NA
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
Hitachivantara Pentaho Business Analytics
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »