Hitachi Vantara Pentaho — known CVE vulnerabilities
Every CVE whose affected-product data names Hitachi Vantara Pentaho, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2021-34684 — CVSS 9.8 (critical): Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data…
CVE-2021-31599 — CVSS 8.8 (high): An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file…
CVE-2022-4815 — CVSS 8.0 (high): Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data…
CVE-2021-45447 — CVSS 7.7 (high): Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled…
CVE-2021-31601 — CVSS 7.1 (high): An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a…
CVE-2021-45448 — CVSS 7.1 (high): Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for…
CVE-2020-24665 — CVSS 6.5 (medium): The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an…
CVE-2020-24666 — CVSS 5.4 (medium): The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an…
CVE-2020-24670 — CVSS 5.4 (medium): The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an…
CVE-2020-24664 — CVSS 5.4 (medium): The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an…
CVE-2020-24669 — CVSS 5.4 (medium): The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows…
CVE-2021-31602 — CVSS 5.3 (medium): An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has…
CVE-2021-45446 — CVSS 5.0 (medium): A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden…
CVE-2021-31600 — CVSS 4.3 (medium): An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a…
CVE-2023-1158 — CVSS 4.3 (medium): Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users…
CVE-2021-34685 — CVSS 2.7 (low): UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an…