Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/04/25 3:36 p.m.7 views

CVE-2025-0756

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration & Analytics...

9.1CVSS7.9AI score0.00875EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.13 views

CVE-2025-0756

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...

9.1CVSS0.00875EPSS
Exploits0References1
Circl
Circl
added 2025/04/16 10:57 p.m.5 views

CVE-2025-0756

creationtimestamp| type| source ---|---|--- 2025-04-16 22:57:42+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12163 2025-04-17 00:48:20+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114350548547803347 2025-04-17 02:06:36+00:00| seen| https://t.me/cvedetector/23199...

9.1CVSS4.8AI score0.00875EPSS
Exploits0References5
CVE
CVE
added 2025/04/16 10:23 p.m.63 views

CVE-2025-0756

Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2 (including 9.3.x and 8.3.x) do not restrict JNDI identifiers when creating platform data sources, enabling untrusted input to be used as resource identifiers. This can lead to access to, or modification of, sensitive ...

9.1CVSS9.6AI score0.00875EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:23 p.m.6 views

CVE-2025-0756 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...

9.1CVSS9.6AI score0.00875EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:23 p.m.21 views

CVE-2025-0756 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...

9.1CVSS0.00875EPSS
Exploits0References1
Rows per page
Query Builder