174 matches found
PT-2023-3980 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue is related to errors in processing input data in the Analytics Server component of Oracle Business Intelligence Enterprise Edition. This can be exploited...
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...
Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...
CVE-2022-4815 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device throu...
Oracle Business Intelligence Enterprise Edition (OAS) (Apr 2023 CPU)
The versions of Oracle Business Intelligence Enterprise Edition OBIEE OAS installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics componen...
CVE-2023-21965
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-21952
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Buffer overflow
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-21965
Oracle Business Intelligence Enterprise Edition (OBIEE/OAS) 6.4.0.0.0 is affected by CVE-2023-21965 in the Analytics Server component. The vulnerability allows a low-privilege attacker with network access via HTTP to compromise OBIEE and potentially access all accessible data; successful attacks ...
PT-2023-2495 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 6.4.0.0.0 Description: The issue exists due to insufficient input validation in the Analytics Server component of Oracle Business Intelligence Enterprise Edition. This allows a remote...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the processing of input data when performing syntactic analysis of code. This allows an attacker to execute arbitrary code.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the use of non-standard URL paths for authentication solutions. This allows attackers to escalate their privileges.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the use of non-canonical URL paths for authentication solutions. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...
CVE-2022-43770
CVE-2022-43770 affects Hitachi Vantara Pentaho Business Analytics Server. The issue is an authorization check failure in the dashboard editor plugin API, allowing insufficient access control before versions 9.3.0.0, 9.2.0.4, and 8.3.0.27. Documented impact centers on improper authorization, with ...
CVE-2022-3695
CVE-2022-3695 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.3.0.0, 9.2.0.4, and 8.3.0.27. The vulnerability arises when the CDE plugin is present and a malicious URL can inject content into a dashboard. Impact is content injection via URL provided to dashboards; exploitatio...