54 matches found
EUVD-2024-26045
Malicious code in bioql PyPI...
EUVD-2024-26044
Malicious code in bioql PyPI...
EUVD-2021-32217
Malicious code in bioql PyPI...
EUVD-2022-52068
Malicious code in bioql PyPI...
Hitachi Pentaho Business Analytics Server 8.3.x < 9.3.0.2 / 9.4.x < 9.4.0.1 Remote Code Execution
Hitachi Pentaho Business Analytics Server versions 8.3.x prior to 9.3.0.2 or 9.4.x prior to 9.4.0.1 suffer from a remote code execution vulnerability. An attacker can exploit this issue by sending a specially crafted HTTP request to the affected application. A successful exploit could allow the...
CVE-2021-45448
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin expose a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, which stems from an...
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to othe...
CVE-2024-37359
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination (CWE-918). Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...
Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A code issue vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of unverified deserialized...
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service...
PT-2025-7452 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x Description: The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality...
CVE-2024-28984
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface...
VulnCheck KEV: CVE-2022-43939
Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...
CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...
Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...