Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hitachi vantara pentaho business analytics server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-31602
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicat...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
1 Github repository
4
CVSSv2
CVE-2021-31601
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
NA
CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Hitachi Vantara Pentaho Business Analytics Server
4
CVSSv2
CVE-2021-31600
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
6.5
CVSSv2
CVE-2021-31599
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
7.5
CVSSv2
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics up to and including 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Hitachi Vantara Pentaho
6.5
CVSSv2
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »