CVE-2021-45448
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin expose a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
CVE-2020-2535
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, which stems from an...
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to othe...
CVE-2024-37359
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination (CWE-918). Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of mishandled privileges,...
Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A code issue vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of unverified deserialized...
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly perform an authorization check in the data source management service...
CVE-2024-11220
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...
Oracle Business Intelligence Enterprise Edition (OAS 7.6) (July 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.6.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...
PT-2025-7452 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x Description: The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality...
CVE-2024-28984
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface...
Oracle Business Intelligence Enterprise Edition (April 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (April 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server is the disclosure of information through a server error message, allowing an intruder to expose the protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through a server error message. Exploiting this vulnerability allows an attacker to remotely disclose the protected information...
Oracle Business Intelligence Enterprise Edition (OAS 6.4) (January 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...
VulnCheck KEV: CVE-2022-43939
Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...
CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to disclose protected information or gain access to modify, add, or delete data.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disclose protected information or gain access to modify, add, or delete data...