Vulmon
pentaho vulnerabilities and exploits
10
CVSSv2
CVE-2006-5675
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite prior to 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these s...
Pentaho Business Intelligence Suite 1.2 Rc2
1 EDB exploit
7.5
CVSSv2
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics up to and including 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Hitachi Vantara Pentaho
6.8
CVSSv2
CVE-2016-10701
In Hitachi Vantara Pentaho BA Platform up to and including 8.0, a CSRF issue exists in the Business Analytics application.
Hitachivantara Pentaho Business Analytics
6.5
CVSSv2
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
6.5
CVSSv2
CVE-2021-31599
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
5
CVSSv2
CVE-2021-31602
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicat...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
1 Github repository
5
CVSSv2
CVE-2015-6940
The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x up to and including 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x up to and including 5.2.x does not restrict access to files in the pentaho-solutions/system folder, ...
Pentaho Data Integration 4.3
Pentaho Data Integration 5.1
Pentaho Data Integration 5.2
Pentaho Data Integration 4.4
Pentaho Data Integration 5.0
Pentaho Business Analytics 4.8
Pentaho Business Analytics 5.0
Pentaho Business Analytics 4.5
Pentaho Business Analytics 5.1
Pentaho Business Analytics 5.2
5
CVSSv2
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and previous versions include the session ID (JSESSIONID) in the URL, which allows malicious users to obtain it from session history, referer headers, or sniffing of web traffic.
Pentaho Bi Server 1.2.0
Pentaho Bi Server 1.6.0
Pentaho Bi Server
4.3
CVSSv2
CVE-2009-5099
Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the outputType parameter.
Pentaho Bi Server 1.2.0
Pentaho Bi Server
Pentaho Bi Server 1.6.0
4
CVSSv2
CVE-2021-31600
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server