Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-24670
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' att...
Hitachi Vantara Pentaho
3.5
CVSSv2
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title'...
Hitachi Vantara Pentaho
NA
CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
NA
CVE-2023-3517
Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
Hitachi Pentaho Data Integration And Analytics
NA
CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.
Hitachivantara Pentaho Business Analytics
Hitachivantara Pentaho Business Analytics 8.3.0.0
NA
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.
Hitachivantara Pentaho Business Analytics
NA
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
Hitachivantara Pentaho Business Analytics
NA
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Hitachi Vantara Pentaho Business Analytics Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »