Lucene search
K

77 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.7 views

CVE-2025-11159

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

9.1CVSS5.7AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.4AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:54 a.m.44 views

CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:54 a.m.11 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 2:54 a.m.27 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:46 a.m.7 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 2:46 a.m.24 views

CVE-2026-2254

CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 2:46 a.m.36 views

CVE-2026-2254 Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43484

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 11.0.0.0 Description Incorrect permission assignment occurs because Access Control Lists ACL...

6.3CVSS5.9AI score0.00154EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:36 a.m.69 views

CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

9.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 5:36 a.m.25 views

CVE-2025-11159

Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.

9.1CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2025-208457

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208458

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 4:23 p.m.5 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS0.00382EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analysis system developed by Hitachi, Ltd. Versions of Hitachi Vantara Pentaho Data Integration & Analytics prior to 10.2.0.6, including 9.3.x and 8.3.x versions, have security vulnerabilities. These vulnerabilities st...

9.1CVSS6.3AI score0.00382EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/09 10:12 p.m.2 views

CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 12:30 a.m.6 views

EUVD-2025-203472

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

5.3CVSS6.4AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51318

Name of the Vulnerable Software and Affected Versions Pentaho Data Integration and Analytics Community Dashboard Framework versions prior to 10.2.0.4 Pentaho Data Integration and Analytics Community Dashboard Framework versions 8.3.x Pentaho Data Integration and Analytics Community Dashboard...

5.3CVSS6.1AI score0.00245EPSS
Exploits0References5
Rows per page
Query Builder