Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pentaho vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
7.5
CVSSv3
CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located in...
Hitachi Vantara Pentaho
6.5
CVSSv3
CVE-2021-45448
Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathna...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title'...
Hitachi Vantara Pentaho
6.5
CVSSv3
CVE-2020-24665
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'das...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name'...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24669
The New Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Re...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24670
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' att...
Hitachi Vantara Pentaho
7.5
CVSSv3
CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the netw...
Hitachi Vantara Pentaho
8.8
CVSSv3
CVE-2016-10701
In Hitachi Vantara Pentaho BA Platform up to and including 8.0, a CSRF issue exists in the Business Analytics application.
Hitachivantara Pentaho Business Analytics
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »