241 matches found
Design/Logic Flaw
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...
CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...
CVE-2023-3517
Hitachi Vantara Pentaho Data Integration & Analytics (Hitachi Pentaho) contains a vulnerability where versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing an attacker to influence system‑level data sources. Affected produ...
Hitachi Vantara Pentaho Data Integration & Analytics Security Breach
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.5.0.1, prior to 9.3.0.5, and 8.3.x, which stems from an...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9570901)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9571199)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server suffers from a cross-site scripting vulnerability that stems...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9571000)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
IBM InfoSphere Information Server Input Validation Error Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An input validation error vulnerability exists in IBM InfoSphere Information Server, which can b...
IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2023-9571298)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server, which ca...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-9571496)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-9570703)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server, which can b...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9570802)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
IBM InfoSphere Information Server Elevation of Privilege Vulnerability (CNVD-2023-91221)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An elevation of privilege vulnerability exists in IBM InfoSphere Information Server version 11.7...
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version...
Apache InLong Deserialization Vulnerability (CNVD-2023-93323)
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a deserialization vulnerability that originates from unsafe deserialization processing of serialized data receive...
The vulnerability of the Softing edgeAggregator data integration tool lies in its lack of protection for website structures, allowing attackers to execute arbitrary code with root privileges.
The vulnerability of the Softing edgeAggregator data integration tool is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges...
IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2023-91223)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server version...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-91224)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Systems version 11....
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-68779)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...
Apache InLong Deserialization Vulnerability (CNVD-2023-70280)
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions 1.4.0 to 1.7.0. The vulnerability stems from insecure...