Vulnerabilities > Hitachi > Pentaho Business Analytics Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-26 | CVE-2024-28982 | XML Entity Expansion vulnerability in Hitachi Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. | 8.2 |
| 2024-06-26 | CVE-2024-28984 | Cross-site Scripting vulnerability in Hitachi Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | 6.1 |