Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...

CVE-2022-43771

CVE-2022-43771 summary : Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, are affected by a path traversal flaw in the Pentaho Data Access plugin. The vulnerability arises from an exposed service endpoint for CSV import that accepts a user-su...