Lucene search
K

174 matches found

Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.3 views

PT-2023-3980 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue is related to errors in processing input data in the Analytics Server component of Oracle Business Intelligence Enterprise Edition. This can be exploited...

4.3CVSS5AI score0.00353EPSS
Exploits0References6
OSV
OSV
added 2023/05/24 10:15 p.m.4 views

CVE-2023-1158

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

4.3CVSS5.8AI score0.00381EPSS
Exploits0References1
NVD
NVD
added 2023/05/24 10:15 p.m.23 views

CVE-2022-4815

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

8.8CVSS8AI score0.00628EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 10:15 p.m.22 views

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

6.5CVSS8.6AI score0.00628EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/05/24 10:15 p.m.23 views

Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

4CVSS4.7AI score0.00381EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/24 9:30 p.m.7 views

CVE-2022-4815 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

8CVSS7.1AI score0.00628EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/05/02 12:0 a.m.6 views

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP...

6.8CVSS6.8AI score0.00575EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/02 12:0 a.m.6 views

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device throu...

6.8CVSS6.8AI score0.00575EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/25 12:0 a.m.38 views

Oracle Business Intelligence Enterprise Edition (OAS) (Apr 2023 CPU)

The versions of Oracle Business Intelligence Enterprise Edition OBIEE OAS installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics componen...

9.8CVSS6.8AI score0.99931EPSS
Exploits50References17
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21965

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.7CVSS6.8AI score0.00575EPSS
Exploits0References1
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21952

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.7CVSS6.8AI score0.00575EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 8:15 p.m.20 views

Buffer overflow

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

3.5CVSS5.4AI score0.00575EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/18 7:54 p.m.61 views

CVE-2023-21965

Oracle Business Intelligence Enterprise Edition (OBIEE/OAS) 6.4.0.0.0 is affected by CVE-2023-21965 in the Analytics Server component. The vulnerability allows a low-privilege attacker with network access via HTTP to compromise OBIEE and potentially access all accessible data; successful attacks ...

5.7CVSS5AI score0.00575EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.2 views

PT-2023-2495 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 6.4.0.0.0 Description: The issue exists due to insufficient input validation in the Analytics Server component of Oracle Business Intelligence Enterprise Edition. This allows a remote...

6.8CVSS6.2AI score0.00575EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.8 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the processing of input data when performing syntactic analysis of code. This allows an attacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

6.5CVSS7.3AI score0.00453EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.8 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

9CVSS8AI score0.22179EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.7 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the use of non-standard URL paths for authentication solutions. This allows attackers to escalate their privileges.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the use of non-canonical URL paths for authentication solutions. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

8.6CVSS8AI score0.92266EPSS
Exploits6References4Affected Software1
NVD
NVD
added 2023/04/11 4:15 p.m.24 views

CVE-2022-43770

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...

8.1CVSS6.3AI score0.00483EPSS
Exploits0References1
CVE
CVE
added 2023/04/11 3:48 p.m.41 views

CVE-2022-43770

CVE-2022-43770 affects Hitachi Vantara Pentaho Business Analytics Server. The issue is an authorization check failure in the dashboard editor plugin API, allowing insufficient access control before versions 9.3.0.0, 9.2.0.4, and 8.3.0.27. Documented impact centers on improper authorization, with ...

8.1CVSS6.7AI score0.00483EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/11 3:45 p.m.34 views

CVE-2022-3695

CVE-2022-3695 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.3.0.0, 9.2.0.4, and 8.3.0.27. The vulnerability arises when the CDE plugin is present and a malicious URL can inject content into a dashboard. Impact is content injection via URL provided to dashboards; exploitatio...

6.5CVSS6.2AI score0.00353EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder