Vulnerabilities > Hitachi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-08 | CVE-2021-34684 | SQL Injection vulnerability in Hitachi Vantara Pentaho Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | 9.8 |
| 2021-11-08 | CVE-2021-34685 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. | 7.2 |
| 2021-10-12 | CVE-2021-29644 | Integer Overflow or Wraparound vulnerability in Hitachi products Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. | 9.8 |
| 2021-10-12 | CVE-2021-29645 | Unspecified vulnerability in Hitachi products Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. | 7.8 |
| 2021-09-29 | CVE-2021-41573 | Files or Directories Accessible to External Parties vulnerability in Hitachi Content Platform Anywhere 4.4.5/4.5.0 Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. | 6.5 |
| 2021-06-28 | CVE-2021-20740 | OS Command Injection vulnerability in multiple products Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.8 |
| 2021-06-22 | CVE-2021-20741 | Cross-site Scripting vulnerability in Hitachi Application Server V10 Manual 101101 Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
| 2021-06-09 | CVE-2021-3196 | Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0 An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. | 8.8 |
| 2021-01-29 | CVE-2020-24670 | Cross-site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0 The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 5.4 |
| 2021-01-29 | CVE-2020-24669 | Cross-site Scripting vulnerability in Hitachi Vantara Pentaho The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 5.4 |