4 matches found

CISA KEV Catalog
added 2025/03/03 12:0 a.m., 21 views

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

CVSS 9.8 | AI score 6.8 | EPSS 0.93254
In wild | Exploits: 6
CISA KEV Catalog
added 2025/03/03 12:0 a.m., 21 views

Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

CVSS 8.8 | AI score 7.3 | EPSS 0.93976
In wild | Exploits: 6
Packet Storm
added 2023/04/05 12:0 a.m., 250 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated
Author: dwbzn
Date: 2022-04-04
Vendor: https://www.hitachivantara.com/
Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...

AI score 8.4 | EPSS 0.93976
Exploits: 7
CVE
added 2023/04/03 6:40 p.m., 44 views

CVE-2022-43771

CVE-2022-43771 summary: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, are affected by a path traversal flaw in the Pentaho Data Access plugin. The vulnerability arises from an exposed service endpoint for CSV import that accepts a user-su...

CVSS 6.5 | AI score 6.5 | EPSS 0.00594
Exploits: 0 | References: 1 | Affected Software: 1