249 matches found
CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...
CVE-2021-45448
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
CVE-2025-24909
Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...
CVE-2025-24910
Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...
CVE-2025-0758
Overview: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
CVE-2025-0757
Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...
CVE-2025-24911
Hitachi Vantara Pentaho Business Analytics Server prior to version 10.2.0.2 (including 9.3.x and 8.3.x) is vulnerable to an XML External Entity (XXE) exposure in the XMLParserFactoryProducer. The flaw can allow an attacker to read local files via a file:// URI defined as an external entity, and c...
CVE-2025-24911 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...
CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...
CVE-2025-24909 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...
CVE-2025-0757 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...
CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
Overview: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732. Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
CVE-2025-0758
CVE-2025-0758 affects Hitachi Vantara Pentaho Business Analytics Server. The root cause is that Karaf JMX beans are enabled and accessible by default, allowing a local-privilege user to leverage exposed functionality via these beans. Impact described across sources: read/modify a security-critica...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. (Hitachi) of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, which stems from an...
PT-2025-16912 · Hitachi Vantara +1 · Hitachi Vantara Pentaho Business Analytics Server +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2; Hitachi Vantara Pentaho Business Analytics Server versions 9.3.x; Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x. Description: The product specifies...
CVE-2024-37361
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502. Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to othe...