Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pentaho vulnerabilities and exploits
(subscribe to this query)
580
VMScore
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics up to and including 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allo...
Hitachi Vantara Pentaho
312
VMScore
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title'...
Hitachi Vantara Pentaho
356
VMScore
CVE-2020-24665
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'das...
Hitachi Vantara Pentaho
312
VMScore
CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name'...
Hitachi Vantara Pentaho
312
VMScore
CVE-2020-24669
The New Analysis Report in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Re...
Hitachi Vantara Pentaho
312
VMScore
CVE-2020-24670
The Dashboard Editor in Hitachi Vantara Pentaho up to and including 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' att...
Hitachi Vantara Pentaho
NA
CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located in...
Hitachi Vantara Pentaho
NA
CVE-2021-45448
Pentaho Business Analytics Server versions prior to 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathna...
Hitachi Vantara Pentaho
NA
CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the netw...
Hitachi Vantara Pentaho
NA
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.
Hitachivantara Pentaho Business Analytics
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »