CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

CVE-2025-0756 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...

CVE-2025-0756

Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2 (including 9.3.x and 8.3.x) do not restrict JNDI identifiers when creating platform data sources, enabling untrusted input to be used as resource identifiers. This can lead to access to, or modification of, sensitive ...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, which stems from the UploadFile service not properl...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, which stems from the CGG Draw API not properly...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, which stems from an unrestricted JNDI identifier an...

PT-2025-16913 · Hitachi Vantara · Hitachi Vantara Pentaho Data Integration & Analytics

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2 Description: The product receives input from an upstream component but does not restrict or incorrectly restricts the input before it is used as an identifier for...

PT-2025-16914 · Hitachi Vantara · Hitachi Vantara Pentaho Data Integration & Analytics

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, including 9.3.x and 8.3.x Description: The product uses external input to construct a pathname that should be within a restricted directory, but it does not...

IBM InfoSphere Information Server Log Information Disclosure Vulnerability (CNVD-2025-06808)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7, which stems...

The vulnerability of the IBM Security Verify Directory data integration tool lies in the insufficient checking of unusual or exceptional states, which allows a perpetrator to trigger a service failure.

The vulnerability of the IBM Security Verify Directory data integration tool is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the software for data integration and analytics in Hitachi Vantara Pentaho Data Integration & Analytics lies in improper management of resource identifiers. This allows attackers to disclose sensitive information, gain elevated privileges, and execute arbitrary code.

The vulnerability of the Hitachi Vantara Pentaho Data Integration & Analytics software for data integration and analysis is related to improper management of resource identifiers. Exploiting this vulnerability can allow a malicious actor to disclose protected information, enhance their privileges...

The vulnerability of the software for data integration and analysis in Hitachi Vantara Pentaho Data Integration & Analytics lies in the insufficient protection of registration data, which allows attackers to disclose confidential information.

The vulnerability of the software for data integration and analytics in Hitachi Vantara Pentaho Data Integration & Analytics relates to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to disclose confidential information...

Why MDR In 2025 Is About Scaling With Purpose

Forrester recently released “The Forrester Wave™: Managed Detection and Response MDR Services, Q1 2025,", highlighting the top 10 MDR providers out of more than 600 worldwide. While we’re honored to be recognized in such a competitive market, Rapid7’s designation underscores a fundamental...

CVE-2024-5706

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Hitachi Vantara Pentaho Data Integration & Analytics versions before...

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVE-2024-37362

CVE-2024-37362 affects Hitachi Vantara Pentaho Data Integration & Analytics. The vulnerability arises because the product transmits or stores authentication credentials using an insecure method, leading to potential disclosure of credentials (e.g., database passwords) when saving connections to R...

CVE-2024-5706

CVE-2024-5706 affects Hitachi Vantara Pentaho Data Integration & Analytics. Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers when creating Community Dashboards, allowing control of system-level data sources and potentially enabling access to or modification ...

CVE-2024-5706 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Hitachi Vantara Pentaho Data Integration & Analytics versions before...