11 matches found
CVE-2021-31599
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports .prpt file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code...
Default configuration
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...
Code injection
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports .prpt file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code...
CVE-2021-31602
Hitachi Vantara Pentaho (through 9.1) and Pentaho BI Server (through 7.x) are affected by CVE-2021-31602, an authentication bypass caused by the applicationContext-spring-security.xml security layer. An unauthenticated user can extract information without valid credentials. NVD lists CVSS v3.1 ba...
CVE-2021-31601
CVE-2021-31601 affects Hitachi Vantara Pentaho (9.1 and earlier Pentaho BI Server 7.x/9.1) where the SOAP web services expose a Data Source Management service. An authenticated user (even with low privileges) can enumerate credentials and connection details for all data sources via the /pentaho/w...
CVE-2021-31600
Hitachi Vantara Pentaho (through 9.1 and Pentaho BI Server 7.x) exposes an access-control flaw in SOAP web services that allows any authenticated user to enumerate usernames. The vulnerable components are the web services exposed by /pentaho/webservices/userRoleListService and /pentaho/ServiceAct...
CVE-2021-31599
Vulnerability summary: CVE-2021-31599 affects Hitachi Vantara Pentaho (Pentaho BI Server 7.x and Pentaho Business Analytics up to 9.1). Affected component is the Pentaho Report Bundles (.prpt); the BeanShell scripting feature inside PRPT reports can be exploited by an authenticated user to execut...
Security Bulletin: IBM Cognos Business Intelligence Server: IBM Cognos Business Intelligence Server is affected by CVE-2016-0398
Summary This bulletin addresses a recently discovered content spoofing vulnerability. Vulnerability Details CVEID: CVE-2016-0398 DESCRIPTION: IBM Cognos Business Intelligence is vulnerable to content spoofing when an attacker familiar with C10 can convince a user to click on a malicious link. CVS...
Security Bulletin: A vulnerability in the GSKit component of IBM Cognos Business Intelligence Server (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of IBM Cognos Business Intelligence Server. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this...
Security Bulletin: A security vulnerability has been identified in multiple products shipped with IBM Predictive Maintenance and Quality: CVE-2015-8126, CVE-2016-0494, CVE-2016-0483, CVE-2015-8472, CVE-2016-0475, CVE-2016-0466, CVE-2016-0402, CVE-2015-757
Summary IBM WebSphere Application Server, IBM DB2, IBM SPSS Modeler, IBM Cognos Business Intelligence Server, IBM SPSS Collaboration and Deployment Services, IBM Integration Bus, IBM ILOG CPLEX Optimization Studio, IBM SPSS Analytic Server and IBM SPSS Modeler are shipped as components of IBM...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, IBM HTTP Server, IBM DB2, IBM SPSS Modeler, IBM Cognos Business Intelligence Server, IBM SPSS Collaboration and Deployment Services and IBM WebSphere MQ s
Summary IBM WebSphere Application Server, IBM HTTP Server, IBM DB2, IBM SPSS Modeler, IBM Cognos Business Intelligence Server, IBM SPSS Collaboration and Deployment Services and IBM WebSphere MQ are shipped as components of IBM Predictive Maintenance and Quality. Information about a security...