Vantara Pentaho Business Analytics Server Security Vulnerabilities and Issues — Vantara Pentaho Business Analytics Server CVE List

Lucene search

HitachiVantara Pentaho Business Analytics Server

4 matches found

CVE•added 2023/04/03 7:15 p.m.•51 views

CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.

6.1CVSS5.8AI score0.00251EPSS

CVE•added 2023/04/03 7:15 p.m.•36 views

CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.

6.5CVSS6.5AI score0.10392EPSS

CVE•added 2023/04/03 7:15 p.m.•35 views

CVE-2022-43772

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.

6.5CVSS5.4AI score0.00119EPSS

CVE•added 2023/04/03 7:15 p.m.•34 views

CVE-2022-3960

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.

6.3CVSS6.2AI score0.00139EPSS