Hitachi

Vantara Pentaho Business Analytics Server

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-4815

  • EPSS 0.51%
  • Veröffentlicht 24.05.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:35:59

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

4.3

CVE-2023-1158

  • EPSS 0.17%
  • Veröffentlicht 24.05.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:38:34

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

8.8

CVE-2022-43938

  • EPSS 20.96%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:27:22

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

9.8

CVE-2022-43939

Warnung Exploit
  • EPSS 87.5%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 13.03.2025 19:52:44

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

8.8

CVE-2022-43940

  • EPSS 0.2%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:27:23

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

6.5

CVE-2022-43941

  • EPSS 0.06%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:27:23

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

4.3

CVE-2022-4769

  • EPSS 0.19%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 

4.3

CVE-2022-4770

  • EPSS 0.19%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 

6.1

CVE-2022-4771

  • EPSS 0.25%
  • Veröffentlicht 03.04.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 

6.3

CVE-2022-3960

  • EPSS 0.14%
  • Veröffentlicht 03.04.2023 19:15:06
  • Zuletzt bearbeitet 21.11.2024 07:20:37

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.