Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pentaho vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-31602
An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicat...
Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Intelligence Server
1 Github repository
NA
CVE-2022-43773
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
NA
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server
1 Metasploit module
NA
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
1 Metasploit module
NA
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
NA
CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the netw...
Hitachi Vantara Pentaho
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »