4 matches found
CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics exposes Hadoop cluster credentials in plain text via the Cluster Test API for versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The credentials can be used to submit jobs under the same account through the backend API, indicatin...
CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
EUVD-2026-32046
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2025-11158
Hitachi Vantara Pentaho Data Integration & Analytics is affected by CVE-2025-11158 in versions before 10.2.0.6, including 9.3.x and 8.3.x. The root cause is failure to restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a remote c...