
174 matches found

RedhatCVE
added 2025/05/22 9:9 p.m. · 8 views

CVE-2021-45448

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...

7.1 CVSS · 6.9 AI score · 0.00551 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 3:21 p.m. · 8 views

CVE-2020-2535

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t...

4.7 CVSS · 5.5 AI score · 0.01357 EPSS
Exploits 0

CNNVD
added 2025/04/16 12:0 a.m. · 3 views

Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, which stems from an...

4.9 CVSS · 6.4 AI score · 0.00355 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/21 11:22 p.m. · 5 views

CVE-2024-37360

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to othe...

4.4 CVSS · 6.6 AI score · 0.00262 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/21 11:21 p.m. · 7 views

CVE-2024-37359

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...

8.6 CVSS · 6.8 AI score · 0.00476 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/19 12:0 a.m. · 3 views

Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of mishandled privileges,...

6.5 CVSS · 6.5 AI score · 0.00303 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/19 12:0 a.m. · 4 views

Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. of Japan. A code issue vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of unverified deserialized...

9.9 CVSS · 6.8 AI score · 0.00482 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/02/06 1:51 a.m. · 13 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1 CVSS · 6.4 AI score · 0.0053 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 1:45 a.m. · 16 views

CVE-2022-43940

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service...

8.8 CVSS · 6.4 AI score · 0.00555 EPSS
Exploits 0 · References 1

OSV
added 2024/12/06 6:15 p.m. · 5 views

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

7.8 CVSS · 5.9 AI score · 0.00152 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/07/22 12:0 a.m. · 49 views

Oracle Business Intelligence Enterprise Edition (OAS 7.6) (July 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.6.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

5.5 CVSS · 6.3 AI score · 0.03174 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/07/11 12:0 a.m. · 7 views

PT-2025-7452 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x Description: The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality...

6.8 CVSS · 7 AI score · 0.00303 EPSS
Exploits 0 · References 6

NVD
added 2024/06/26 11:15 p.m. · 23 views

CVE-2024-28984

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface...

8.8 CVSS · 0.00254 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/04/19 12:0 a.m. · 35 views

Oracle Business Intelligence Enterprise Edition (April 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

7.5 CVSS · 6.4 AI score · 0.0232 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2024/04/19 12:0 a.m. · 41 views

Oracle Business Intelligence Enterprise Edition (OAS 7.0) (April 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

8.1 CVSS · 6.7 AI score · 0.02577 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2024/04/08 12:0 a.m. · 10 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in its ability to disclose information through a server error message, allowing an intruder to expose the protected information.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through a server error message. Exploiting this vulnerability allows an attacker to remotely disclose the protected information...

5.3 CVSS · 5.9 AI score · 0.00376 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/01/29 12:0 a.m. · 52 views

Oracle Business Intelligence Enterprise Edition (OAS 6.4) (January 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...

8.2 CVSS · 7.1 AI score · 0.19442 EPSS
Exploits 4 · References 13

VulnCheck KEV
added 2023/11/17 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2022-43939

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

9.8 CVSS · 7.4 AI score · 0.92266 EPSS
Exploits 6 · References 1

Cvelist
added 2023/09/26 9:34 p.m. · 27 views

CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...

4.3 CVSS · 5.4 AI score · 0.0023 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2023/08/01 12:0 a.m. · 5 views

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to disclose protected information or gain access to modify, add, or delete data.

The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disclose protected information or gain access to modify, add, or delete data...

5.5 CVSS · 6.8 AI score · 0.0032 EPSS
Exploits 0 · References 4 · Affected Software 1