77 matches found
CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...
CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...
CVE-2026-2254
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...
CVE-2026-2254
CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...
CVE-2026-2254 Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...
PT-2026-43484
Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 11.0.0.0 Description Incorrect permission assignment occurs because Access Control Lists ACL...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159
Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.
EUVD-2025-208457
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...
EUVD-2025-208458
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...
CVE-2025-11158
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...
Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analysis system developed by Hitachi, Ltd. Versions of Hitachi Vantara Pentaho Data Integration & Analytics prior to 10.2.0.6, including 9.3.x and 8.3.x versions, have security vulnerabilities. These vulnerabilities st...
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...
EUVD-2025-203472
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...
PT-2025-51318
Name of the Vulnerable Software and Affected Versions Pentaho Data Integration and Analytics Community Dashboard Framework versions prior to 10.2.0.4 Pentaho Data Integration and Analytics Community Dashboard Framework versions 8.3.x Pentaho Data Integration and Analytics Community Dashboard...