CVE-2024-28982 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference...

CVE-2024-28982 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference...

PT-2024-22662 · Hitachi Vantara · Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.7 Hitachi Vantara Pentaho Business Analytics Server version 8.3.x Description: The issue...

VulnCheck KEV: CVE-2022-43939

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...

CVE-2023-2358

Summary: CVE-2023-2358 affects Hitachi Vantara Pentaho Business Analytics Server. The issue is that the Hadoop Copy Files step stores passwords in plaintext, exposing sensitive credentials. Affected versions: Pentaho Server before 9.5.0.0, before 9.3.0.4, and version 8.3.x.x. Root cause: configur...

CVE-2023-36819

Knowage Server suffers a path-traversal vulnerability in the download template endpoint (/knowage/restful-services/dossier/importTemplateFile_) for 6.x.x up to 8.1.7, where the templateName parameter is not sanitized, allowing crafting of ../ to escape the template directory and read arbitrary fi...

CVE-2023-1158

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

CVE-2023-1158

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

CVE-2022-4815

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2022-4815 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2022-4815

Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2022-4815 due to deserialization of untrusted JSON data without constraining the parser to approved classes/methods. Affected versions include Pentaho BA Server prior to 9.4.0.1, prior to 9.3.0.3, and 8.3.x. The issue originates...

CVE-2023-1158 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list...

CVE-2023-1158

Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2023-1158 due to improper/incorrect authorization that exposes dashboard prompts to users not on the authorization list. Affected versions are before 9.4.0.1 and before 9.3.0.3, including 8.3.x. Impact: potential disclosure of d...

CVE-2022-3695

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present...

CVE-2022-43770

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present...

Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...