249 matches found
CVE-2024-37359
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...
CVE-2024-37361
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...
CVE-2024-37363
The CVE-2024-37363 entry concerns Hitachi Vantara Pentaho Business Analytics Server. Affected versions are those before 10.2.0.0 and before 9.3.0.8, including 8.3.x. The root cause is an improper authorization check in the data source management service (CWE-862), allowing actors to access resource...
CVE-2024-37363 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action. CWE-862 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source...
CVE-2024-6697 Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. CWE-280 Hitachi Vantara Pentaho Business...
CVE-2024-6697
CVE-2024-6697 affects Hitachi Vantara Pentaho Business Analytics Server prior to 10.2.0.0 and 9.3.0.9 (including 8.3.x). The issue is improper handling of insufficient permissions, causing the application to follow unexpected code paths and potentially reach a denial of service. An adversary can ...
CVE-2024-6696 Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad becau...
CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to...
CVE-2024-5705
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. CWE-863 Hitachi Vantara Pentaho Business Analytics Server versions before...
CVE-2024-37360 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to...
CVE-2024-37360
Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2024-37360 (Cross-site Scripting). Versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x, fail to properly neutralize user-controllable input in web output, allowing a malicious URL to inject content into the Analyzer plugin i...
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Japan. A cross-site scripting vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server, which arises from an unsatisfactory synchronization of...
Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A code issue vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of unverified deserialized...