Hitachi

Vantara Pentaho Business Analytics Server

14 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-4815

  • EPSS 0.51%
  • Published 24.05.2023 22:15:09
  • Last modified 21.11.2024 07:35:59

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

4.3

CVE-2023-1158

  • EPSS 0.17%
  • Published 24.05.2023 22:15:09
  • Last modified 21.11.2024 07:38:34

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

8.8

CVE-2022-43938

  • EPSS 20.96%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:27:22

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

9.8

CVE-2022-43939

Warning Exploit
  • EPSS 87.5%
  • Published 03.04.2023 19:15:07
  • Last modified 13.03.2025 19:52:44

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

8.8

CVE-2022-43940

  • EPSS 0.2%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:27:23

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

6.5

CVE-2022-43941

  • EPSS 0.06%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:27:23

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

4.3

CVE-2022-4769

  • EPSS 0.19%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 

4.3

CVE-2022-4770

  • EPSS 0.19%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 

6.1

CVE-2022-4771

  • EPSS 0.25%
  • Published 03.04.2023 19:15:07
  • Last modified 21.11.2024 07:35:54

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 

6.3

CVE-2022-3960

  • EPSS 0.14%
  • Published 03.04.2023 19:15:06
  • Last modified 21.11.2024 07:20:37

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.