Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics that stems from an unrestricted JNDI identifier, which can lead to the disclosu...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics that stems from the use of an insecure method of transmitting authentication...

PT-2025-7411 · Amazon +1 · Redshift +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x Description: The product transmits or stores authentication credentials using an insecure method, making it susceptible to unauthoriz...

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

Key Takeaways: Mastering Risk Prioritization with Rapid7 Surface Command

Managing risk in today’s sprawling IT environments demands precision and adaptability. Security teams face a constant influx of data from various tools, each offering fragmented insights. Rapid7’s Surface Command takes control of this chaos, consolidating data and delivering actionable insights...

IBM InfoSphere Information Server Input Validation Error Vulnerability (CNVD-2024-49166)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An input validation error vulnerability exists in IBM InfoSphere Information Server version 11.7...

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics is affected. Versions before 10.1.0.0 and 9.3.0.8 (including 8.3.x) disclose database passwords when searching metadata injectable fields due to insufficiently protected credentials. No exploitation details are provided in the documents. Remedi...

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2024-36745)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...

Apache InLong Code Injection Vulnerability (CNVD-2024-35666)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A code injection vulnerability exists in Apache InLong versions 1.10.0 through 1.12.0, which can be exploited by an attacker to cau...

Unspecified Vulnerability in IBM InfoSphere Information Server (CNVD-2024-33893)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...

The vulnerability of the IBM InfoSphere Information Server software platform arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the IBM InfoSphere Information Server data integration software platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...

CVE-2024-38363

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-37065)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-30630)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server that stems from...

IBM InfoSphere Information Server Server Side Request Forgery Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a server-side request forgery vulnerability that can be...

Unspecified Vulnerability in IBM InfoSphere Information Server (CNVD-2024-30834)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server that originates when a...