Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho business analytics server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
Hitachivantara Pentaho Business Analytics
NA
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
1 Metasploit module
NA
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
Hitachi Vantara Pentaho Business Analytics Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »