Lucene search
K

241 matches found

Prion
Prion
added 2023/12/12 11:15 p.m.13 views

Design/Logic Flaw

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...

6.5CVSS7.3AI score0.00642EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 10:28 p.m.16 views

CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...

8.5CVSS9AI score0.00642EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 10:28 p.m.33 views

CVE-2023-3517

Hitachi Vantara Pentaho Data Integration & Analytics (Hitachi Pentaho) contains a vulnerability where versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing an attacker to influence system‑level data sources. Affected produ...

8.8CVSS8.8AI score0.00642EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.3 views

Hitachi Vantara Pentaho Data Integration & Analytics Security Breach

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.5.0.1, prior to 9.3.0.5, and 8.3.x, which stems from an...

8.8CVSS7AI score0.00642EPSS
Exploits0References2
CNVD
CNVD
added 2023/12/05 12:0 a.m.14 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9570901)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

5.4CVSS6.1AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.12 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9571199)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server suffers from a cross-site scripting vulnerability that stems...

5.4CVSS6.3AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.25 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9571000)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

5.4CVSS6AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.20 views

IBM InfoSphere Information Server Input Validation Error Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An input validation error vulnerability exists in IBM InfoSphere Information Server, which can b...

7.5CVSS6.6AI score0.01087EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.21 views

IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2023-9571298)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server, which ca...

8.8CVSS6.5AI score0.00299EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.15 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-9571496)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that...

5.3CVSS6.1AI score0.00713EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.16 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-9570703)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server, which can b...

5.9CVSS5.8AI score0.00518EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/05 12:0 a.m.16 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-9570802)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

5.4CVSS6AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/21 12:0 a.m.6 views

IBM InfoSphere Information Server Elevation of Privilege Vulnerability (CNVD-2023-91221)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An elevation of privilege vulnerability exists in IBM InfoSphere Information Server version 11.7...

8.1CVSS6.3AI score0.00603EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/10/26 5:23 a.m.88 views

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version...

9.8CVSS10.2AI score0.97106EPSS
Exploits22
CNVD
CNVD
added 2023/10/23 12:0 a.m.17 views

Apache InLong Deserialization Vulnerability (CNVD-2023-93323)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a deserialization vulnerability that originates from unsafe deserialization processing of serialized data receive...

7.5CVSS7.2AI score0.00969EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.6 views

The vulnerability of the Softing edgeAggregator data integration tool lies in its lack of protection for website structures, allowing attackers to execute arbitrary code with root privileges.

The vulnerability of the Softing edgeAggregator data integration tool is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges...

7.5CVSS7.7AI score0.01063EPSS
Exploits0References3
CNVD
CNVD
added 2023/08/29 12:0 a.m.21 views

IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2023-91223)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server version...

8.8CVSS6.2AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/29 12:0 a.m.19 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-91224)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Systems version 11....

7.5CVSS5.9AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/11 12:0 a.m.22 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2023-68779)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...

6.5CVSS5.8AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/30 12:0 a.m.13 views

Apache InLong Deserialization Vulnerability (CNVD-2023-70280)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions 1.4.0 to 1.7.0. The vulnerability stems from insecure...

7.5CVSS6.8AI score0.01323EPSS
Exploits0References1
Rows per page
Query Builder