Vulnerabilities > Hitachi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-08 | CVE-2021-31599 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 6.5 |
| 2021-11-08 | CVE-2021-31600 | Files or Directories Accessible to External Parties vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 4.0 |
| 2021-11-08 | CVE-2021-31601 | Unspecified vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 4.0 |
| 2021-11-08 | CVE-2021-31602 | Improper Authentication vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 5.0 |
| 2021-11-08 | CVE-2021-34684 | SQL Injection vulnerability in Hitachi Vantara Pentaho Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | 7.5 |
| 2021-11-08 | CVE-2021-34685 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. | 6.5 |
| 2021-10-12 | CVE-2021-29644 | Integer Overflow or Wraparound vulnerability in Hitachi products Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. | 10.0 |
| 2021-10-12 | CVE-2021-29645 | Unspecified vulnerability in Hitachi products Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. | 4.6 |
| 2021-09-29 | CVE-2021-41573 | Files or Directories Accessible to External Parties vulnerability in Hitachi Content Platform Anywhere 4.4.5/4.5.0 Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. | 4.0 |
| 2021-06-28 | CVE-2021-20740 | OS Command Injection vulnerability in multiple products Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | 9.0 |