Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pentaho vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-6940
The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x up to and including 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x up to and including 5.2.x does not restrict access to files in the pentaho-solutions/system folder, ...
Pentaho Data Integration 4.3
Pentaho Data Integration 5.1
Pentaho Data Integration 5.2
Pentaho Data Integration 4.4
Pentaho Data Integration 5.0
Pentaho Business Analytics 4.8
Pentaho Business Analytics 5.0
Pentaho Business Analytics 4.5
Pentaho Business Analytics 5.1
Pentaho Business Analytics 5.2
383
VMScore
CVE-2009-5099
Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the outputType parameter.
Pentaho Bi Server 1.2.0
Pentaho Bi Server
Pentaho Bi Server 1.6.0
187
VMScore
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and previous versions does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate malicious users to obtain the password.
Pentaho Bi Server 1.2.0
Pentaho Bi Server 1.6.0
Pentaho Bi Server
445
VMScore
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and previous versions includes the session ID (JSESSIONID) in the URL, which allows malicious users to obtain it from session history, referer headers, or sniffing of web traffic.
Pentaho Bi Server 1.2.0
Pentaho Bi Server 1.6.0
Pentaho Bi Server
NA
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho
NA
CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.
Hitachivantara Pentaho Business Analytics
Hitachivantara Pentaho Business Analytics 8.3.0.0
580
VMScore
CVE-2021-31599
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
357
VMScore
CVE-2021-31600
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
357
VMScore
CVE-2021-31601
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (rega...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »