Filtered by vendor Hitachi
Subscriptions
Filtered by product Vantara Pentaho Business Analytics Server
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-02-11 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. | ||||
| CVE-2022-4770 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-02-11 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). | ||||
| CVE-2022-4771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-02-11 | 5.4 Medium |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. | ||||
| CVE-2023-1158 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2025-01-16 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | ||||
| CVE-2022-4815 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2025-01-16 | 8 High |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | ||||