174 matches found
CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (.prpt) through the JVM script manager...
CVE-2022-43773
Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2022-43773 due to incorrect permission assignment for a critical resource when a sample HSQLDB data source with stored procedures is enabled. Affected versions include pre-9.4.0.1 and pre-9.3.0.2, as well as 8.3.x. The root caus...
CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, allows certain web services to set property values which contain Spring templates that are interpreted downstream...
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x) are affected by CVE-2022-43769: a server-side template injection that can lead to remote code execution by injecting Spring templates into properties. Impact is unauthenticated command execut...
Hitachi Vantara Pentaho Business Analytics Server Code Injection Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1, which stems from a...
PT-2023-2232 · Hitachi Vantara · Pentaho Data Access +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0; Hitachi Vantara Pentaho Business Analytics Server version 9.3.0.1 and earlier; Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x. Description: The issue ...
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, contain security restrictions using non-canonical URLs which can be circumvented. Recent assessments: gwillcox-r7 at May 10, 2023 5:02pm UTC reported: This is an authentication bypass in Hitachi...
Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from allowing malicious URLs to inject...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1. An attacker could exploit the...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1, which stems from an...
PT-2023-2239 · Hitachi Vantara · Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.2; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue is...
PT-2023-2234 · Hitachi Vantara · Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.2; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue is...
Oracle Analytics Server (OAS) Installed
Binary data oracleanalyticsserverinstalled.nbin...
CVE-2022-38708 IBM Cognos Analytics server-side request forgery
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180...
CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmit database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...
CVE-2021-45446 Pentaho Business Analytics Server - Exposure of Information Through Directory Listing
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...
CVE-2022-21609
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...
Design/Logic Flaw
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...
CVE-2022-21609
CVE-2022-21609 affects Oracle Fusion Middleware’s Oracle BI Enterprise Edition (Analytics Server), specifically version 5.9.0.0. The vulnerability allows a low-privileged attacker with network access via HTTP to potentially access data or the data set accessible by Oracle BI EE, with exploitation req...