Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pentaho vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-24665
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'das...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24670
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' att...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name'...
Hitachi Vantara Pentaho
5.4
CVSSv3
CVE-2020-24669
The New Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Re...
Hitachi Vantara Pentaho
6.5
CVSSv3
CVE-2021-45448
Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathna...
Hitachi Vantara Pentaho
9.8
CVSSv3
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics up to and including 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Hitachi Vantara Pentaho
7.2
CVSSv3
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
7.5
CVSSv3
CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located in...
Hitachi Vantara Pentaho
7.5
CVSSv3
CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the netw...
Hitachi Vantara Pentaho
6.1
CVSSv3
CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.
Hitachivantara Pentaho Business Analytics
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »