Lucene search
K

4 matches found

CVE
CVE
added 2026/05/27 2:51 a.m.21 views

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics exposes Hadoop cluster credentials in plain text via the Cluster Test API for versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The credentials can be used to submit jobs under the same account through the backend API, indicatin...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 2:51 a.m.32 views

CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:51 a.m.10 views

EUVD-2026-32046

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 10:12 p.m.18 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics is affected by CVE-2025-11158 in versions before 10.2.0.6, including 9.3.x and 8.3.x. The root cause is failure to restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a remote c...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder