EUVD-2025-203472

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

CVE-2025-9122

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

CVE-2025-9122 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

EUVD-2013-6530

Malware in sbrugna...

Security Bulletin: WebSphere Dashboard Framework Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS CVEID: CVE-2013-1571 DESCRIPTION HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: WebSphere Dashboard Framework contains a vulnerability that allows file access and deletion.

Summary WebSphere Dashboard Framework contains a vulerability in a charting feature used to access and delete generated images in a temporary folder. A fix has been created that removes the vulnerability. Vulnerability Details WebSphere Dashboard Framework contains a vulnerability in a charting...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with...

Security Bulletin: Vulnerabilities in IBM® Java™ Runtime affect WebSphere Dashboard Framework (CVE-2016-5573, CVE-2016-5597)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 6 that is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in October 2016. The vulnerabilities may affect some configurations of products bundled with WebSphere...

Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000)

Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the spreadsheet integration functionality. CVEID:...

Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI

Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, is vulnerable to denial of service attacks and could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the...

Security Bulletin: A vulnerability in IBM® Java Runtime affects: WebSphere Dashboard Framework (CVE-2016-3485)

Summary There is a vulnerability in IBM® Runtime Environments Java™ Version 6 that is used by WebSphere Dashboard Framework. This issue was disclosed as part of the IBM Java SDK updates in July 2016. The vulnerability may affect some configurations of products bundled with WebSphere Dashboard...

Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM WebSphere Dashboard Framework (CVE-2016-3092 )

Summary Apache Commons FileUpload, which is bundled with IBM WebSphere Dashboard Framework, allows remote attackers to cause a denial of service CPU consumption via a long boundary string. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Commons FileUpload, whi...

Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with WebSphere Dashboard Framework 7.0.1 (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714)

Summary IBM WebSphere Application Server Community Edition is bundled as an optional component of WebSphere Dashboard Framework. Information about security vulnerabilities affecting this component have been published. Vulnerability Details CVEID: CVE-2015-5345 DESCRIPTION: Apache Tomcat could all...

Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6, affects: WebSphere Dashboard Framework (CVE-2016-3427, CVE-2016-3426, CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Version 6, that is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in April 2016. The vulnerabilities may affect some configurations of products...

Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)

Summary There is an insecure certificate validation CVE-2014-3596 in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...

kitto directory traversal vulnerability

kitto is an interactive dashboard framework written using Elixir. A directory traversal vulnerability exists in kitto, which allows remote attackers to submit a specially crafted request to view the contents of system files with WEB privileges...

CVE-2014-6196

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

CVE-2014-6196

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

CVE-2014-6196

The CVE-2014-6196 entry affects IBM Web Experience Factory (WEF) versions 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF). The root cause is a Dojo builder error in an unspecified WebSphere Portal configuration, which leads to improper construc...