Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vantara_pentaho_business_analytics_server
(Hitachi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-03 | CVE-2022-4770 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). | Vantara_pentaho_business_analytics_server | 4.3 | ||
| 2023-04-03 | CVE-2022-4771 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. | Vantara_pentaho_business_analytics_server | 6.1 | ||
| 2023-05-24 | CVE-2022-4815 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | Vantara_pentaho, Vantara_pentaho_business_analytics_server | 8.8 | ||
| 2023-05-24 | CVE-2023-1158 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | Vantara_pentaho, Vantara_pentaho_business_analytics_server | 4.3 |