Vantara Pentaho Security Vulnerabilities and Issues — Vantara Pentaho CVE List

Lucene search

HitachiVantara Pentaho

3 matches found

CVE•added 2022/11/02 3:15 p.m.•46 views

CVE-2021-45446

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources locatedinside the directory.

7.5CVSS6.1AI score0.00167EPSS

CVE•added 2022/11/02 3:15 p.m.•42 views

CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to thenetwork to sniff and obtain ...

7.7CVSS7.5AI score0.00111EPSS

CVE•added 2022/11/02 4:15 p.m.•38 views

CVE-2021-45448

Pentaho Business AnalyticsServer versions before 9.2.0.2 and 8.3.0.25 using the PentahoAnalyzer plugin exposes a service endpoint for templates which allows auser-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to i...

7.1CVSS6.6AI score0.00245EPSS