174 matches found

Cvelist
added 2023/04/03 6:6 p.m., 40 views

CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...

CVSS 8.8, AI score 8.6, EPSS 0.26633
Exploits 0, References 1

CVE
added 2023/04/03 5:59 p.m., 50 views

CVE-2022-43773

Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2022-43773 due to incorrect permission assignment for a critical resource when a sample HSQLDB data source with stored procedures is enabled. Affected versions include pre-9.4.0.1 and pre-9.3.0.2, as well as 8.3.x. The root caus...

CVSS 8.8, AI score 8.7, EPSS 0.22179
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/04/03 5:47 p.m., 8 views

CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...

CVSS 8.8, AI score 9, EPSS 0.9767
Exploits 6, References 2

CVE
added 2023/04/03 5:47 p.m., 263 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x) are affected by CVE-2022-43769: a server-side template injection that can lead to remote code execution by injecting Spring templates into properties. Impact is unauthenticated command execut...

CVSS 8.8, AI score 8, EPSS 0.9767
In wild, Exploits 6, References 3, Affected Software 1

CNNVD
added 2023/04/03 12:0 a.m., 4 views

Hitachi Vantara Pentaho Business Analytics Server code injection vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1, which stems from a...

CVSS 8.8, AI score 7.8, EPSS 0.26633
Exploits 0, References 2

Positive Technologies
added 2023/04/03 12:0 a.m., 6 views

PT-2023-2232 · Hitachi Vantara · Pentaho Data Access +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0; Hitachi Vantara Pentaho Business Analytics Server version 9.3.0.1 and earlier; Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x. Description: The issue ...

CVSS 6.8, AI score 6.6, EPSS 0.23894
Exploits 0, References 4

ATTACKERKB
added 2023/04/03 12:0 a.m., 15 views

CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. Recent assessments: gwillcox-r7 at May 10, 2023 5:02pm UTC reported: This is an authentication bypass in Hitachi...

CVSS 9.8, AI score 7.6, EPSS 0.9767
In wild, Exploits 7, References 3

CNNVD
added 2023/04/03 12:0 a.m., 5 views

Hitachi Vantara Pentaho Business Analytics Server cross-site scripting vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from allowing malicious URLs to inject...

CVSS 6.1, AI score 6.2, EPSS 0.00353
Exploits 0, References 2

CNNVD
added 2023/04/03 12:0 a.m., 4 views

Hitachi Vantara Pentaho Business Analytics Server security vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1. An attacker could exploit the...

CVSS 8.8, AI score 8.1, EPSS 0.22179
Exploits 0, References 2

CNNVD
added 2023/04/03 12:0 a.m., 4 views

Hitachi Vantara Pentaho Business Analytics Server security vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1, which stems from an...

CVSS 8.8, AI score 6.8, EPSS 0.00555
Exploits 0, References 2

Positive Technologies
added 2023/04/03 12:0 a.m., 4 views

PT-2023-2239 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.2; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue is...

CVSS 9, AI score 6.3, EPSS 0.00555
Exploits 0, References 8

Positive Technologies
added 2023/04/03 12:0 a.m., 6 views

PT-2023-2234 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.2; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue is...

CVSS 5, AI score 4.6, EPSS 0.00435
Exploits 0, References 6

Tenable Nessus
added 2023/03/14 12:0 a.m., 15 views

Oracle Analytics Server (OAS) Installed

Binary data oracleanalyticsserverinstalled.nbin...

AI score 7.3
Exploits 0, References 1

Vulnrichment
added 2022/12/19 8:12 p.m., 5 views

CVE-2022-38708 IBM Cognos Analytics server-side request forgery

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180...

CVSS 6.5, AI score 8.6, EPSS 0.00428
Exploits 0, References 2

NVD
added 2022/11/02 3:15 p.m., 17 views

CVE-2021-45446

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...

CVSS 7.5, EPSS 0.00413
Exploits 0, References 1

Prion
added 2022/11/02 3:15 p.m., 19 views

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

CVSS 5, AI score 7.5, EPSS 0.00302
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2022/11/02 2:26 p.m., 4 views

CVE-2021-45446 Pentaho Business Analytics Server - Exposure of Information Through Directory Listing

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...

CVSS 5, AI score 7.5, EPSS 0.00413
Exploits 0, References 1

NVD
added 2022/10/18 9:15 p.m., 20 views

CVE-2022-21609

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

CVSS 5.7, EPSS 0.00587
Exploits 0, References 1

Prion
added 2022/10/18 9:15 p.m., 23 views

Design/Logic Flaw

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

CVSS 3.5, AI score 5.4, EPSS 0.00587
Exploits 0, References 1, Affected Software 1

CVE
added 2022/10/18 12:0 a.m., 67 views

CVE-2022-21609

CVE-2022-21609 affects Oracle Fusion Middleware’s Oracle BI Enterprise Edition (Analytics Server), specifically version 5.9.0.0. The vulnerability allows a low-privilege, network-accessing attacker (HTTP) to potentially access data or the data set accessible by Oracle BI EE, with exploitation req...

CVSS 5.7, AI score 5.4, EPSS 0.00587
Exploits 0, References 1, Affected Software 1