Lucene search
+L

423 matches found

RedhatCVE
RedhatCVE
added 2025/04/25 10:48 p.m.15 views

CVE-2025-0757

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and...

4.4CVSS6.7AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 3:36 p.m.9 views

CVE-2025-0756

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration & Analytics...

9.1CVSS7.9AI score0.0091EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.38 views

CVE-2025-24911

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS0.00424EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.21 views

CVE-2025-24907

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

6.8CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.31 views

CVE-2025-24910

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS0.00401EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.24 views

CVE-2025-24909

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...

4.4CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.13 views

CVE-2025-0756

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...

9.1CVSS0.0091EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.35 views

CVE-2025-0758

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...

6.1CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.32 views

CVE-2025-0757

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...

4.4CVSS0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:39 p.m.22 views

CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

6.8CVSS0.00411EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:39 p.m.6 views

CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 10:39 p.m.68 views

CVE-2025-24907

CVE-2025-24907 concerns Hitachi Vantara Pentaho Data Integration & Analytics. Affected versions are before 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because user input used as a file path through the CGG Draw API is not properly neutralized, allowing doubled triple-dot sequences ('......

6.8CVSS6.6AI score0.00411EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:35 p.m.8 views

CVE-2025-24911 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS4.9AI score0.00424EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 10:35 p.m.77 views

CVE-2025-24911

Hitachi Vantara Pentaho Business Analytics Server prior to version 10.2.0.2 (including 9.3.x and 8.3.x) is vulnerable to an XML External Entity (XXE) exposure in the XMLParserFactoryProducer. The flaw can allow an attacker to read local files via a file:// URI defined as an external entity, and c...

4.9CVSS4.9AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:35 p.m.31 views

CVE-2025-24911 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS0.00424EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 10:32 p.m.66 views

CVE-2025-24910

Hitachi Vantara Pentaho Business Analytics Server prior to 10.2.0.2 (including 9.3.x and 8.3.x) is affected by an XML External Entity (XXE) vulnerability in MessageSourceCrawler. The issue allows an attacker to cause the application to read local files via a file:// entity, and can also trigger o...

4.9CVSS4.9AI score0.00401EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:32 p.m.7 views

CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS4.9AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:32 p.m.31 views

CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Overview XML documents optionally contain a Document Type Definition DTD, which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the...

4.9CVSS0.00401EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 10:30 p.m.65 views

CVE-2025-24909

The CVE-2025-24909 issue affects Hitachi Vantara Pentaho Business Analytics Server prior to 10.2.0.2, including 9.3.x and 8.3.x. It arises from improper neutralization of user input in the Analyzer plugin interface, allowing a malicious URL to inject content into a web page served to other users ...

4.4CVSS4.7AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:30 p.m.7 views

CVE-2025-24909 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...

4.4CVSS4.7AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder