Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vantara_pentaho_business_analytics_server
(Hitachi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-03 | CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | Vantara_pentaho_business_analytics_server | 7.2 | ||
| 2023-04-03 | CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. | Vantara_pentaho_business_analytics_server | 9.8 | ||
| 2023-04-03 | CVE-2022-43773 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | Vantara_pentaho_business_analytics_server | 8.8 | ||
| 2023-04-03 | CVE-2022-3960 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | Vantara_pentaho_business_analytics_server | 6.3 | ||
| 2023-04-03 | CVE-2022-43771 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | Vantara_pentaho_business_analytics_server | 6.5 | ||
| 2023-04-03 | CVE-2022-43772 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. | Vantara_pentaho_business_analytics_server | 6.5 | ||
| 2023-04-03 | CVE-2022-43938 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | Vantara_pentaho_business_analytics_server | 8.8 | ||
| 2023-04-03 | CVE-2022-43940 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. | Vantara_pentaho_business_analytics_server | 8.8 | ||
| 2023-04-03 | CVE-2022-43941 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | Vantara_pentaho_business_analytics_server | 6.5 | ||
| 2023-04-03 | CVE-2022-4769 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. | Vantara_pentaho_business_analytics_server | 4.3 |