Hitachi

Vantara Pentaho

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-4815

  • EPSS 0.51%
  • Published 24.05.2023 22:15:09
  • Last modified 21.11.2024 07:35:59

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

4.3

CVE-2023-1158

  • EPSS 0.17%
  • Published 24.05.2023 22:15:09
  • Last modified 21.11.2024 07:38:34

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

6.5

CVE-2021-45448

  • EPSS 0.34%
  • Published 02.11.2022 16:15:09
  • Last modified 21.11.2024 06:32:13

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses ext...

7.5

CVE-2021-45447

  • EPSS 0.15%
  • Published 02.11.2022 15:15:10
  • Last modified 21.11.2024 06:32:13

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorize...

7.5

CVE-2021-45446

  • EPSS 0.22%
  • Published 02.11.2022 15:15:09
  • Last modified 21.11.2024 06:32:13

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index...

8.8

CVE-2021-31599

Exploit
  • EPSS 0.89%
  • Published 08.11.2021 04:15:08
  • Last modified 21.11.2024 06:05:58

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can...

4.3

CVE-2021-31600

Exploit
  • EPSS 0.22%
  • Published 08.11.2021 04:15:08
  • Last modified 21.11.2024 06:05:58

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authentica...

6.5

CVE-2021-31601

Exploit
  • EPSS 0.95%
  • Published 08.11.2021 04:15:08
  • Last modified 21.11.2024 06:05:58

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authentica...

7.5

CVE-2021-31602

Exploit
  • EPSS 93.11%
  • Published 08.11.2021 04:15:08
  • Last modified 21.11.2024 06:05:58

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined i...

9.8

CVE-2021-34684

Exploit
  • EPSS 36.24%
  • Published 08.11.2021 04:15:08
  • Last modified 21.11.2024 06:10:56

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...