411 matches found
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...
EUVD-2026-32045
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...
CVE-2026-2254 Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...
Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analysis system developed by Hitachi, Ltd. Versions of Hitachi Vantara Pentaho Data Integration & Analytics prior to 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, contained security vulnerabilities. These...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by Hitachi Vantara Corporation in the United States. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, contain...
EUVD-2025-209821
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
PT-2026-40566
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. There is a security vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics, which stems from the JDBC driver of the H2 database,...
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter...
CVE-2025-9122
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...
CVE-2025-9121
Pentaho Data Integration and Analytics Community Dashboard Editor plugin (versions before 10.2.0.4, including 9.3.0.x and 8.3.x) is affected by CVE-2025-9121 due to deserializing untrusted JSON data without constraining the parser to approved classes/methods. Root cause: insecure JSON deserializa...
CVE-2025-9121 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...
CVE-2025-9122 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a Business Intelligence Dashboard Designer from Hitachi Vantara, USA. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration and Analytics versions prior to 10.2.0.4, which stems from displaying the full server stack...
EUVD-2021-18492
Malware in sbrugna...
EUVD-2021-18493
Malware in sbrugna...
EUVD-2021-21335
Malware in sbrugna...