Vulnerabilities > Hitachi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-26 | CVE-2024-28983 | Cross-site Scripting vulnerability in Hitachi Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | 6.1 |
| 2024-06-26 | CVE-2024-28984 | Cross-site Scripting vulnerability in Hitachi Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | 6.1 |
| 2023-12-11 | CVE-2023-6538 | Unspecified vulnerability in Hitachi System Management Unit Firmware SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. | 6.5 |
| 2023-12-05 | CVE-2023-5808 | Improper Authentication vulnerability in Hitachi Vantara Hitachi Network Attached Storage 14.6.7520.04/14.8.7825.01 SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. | 6.5 |
| 2023-10-03 | CVE-2023-3335 | Information Exposure Through Log Files vulnerability in Hitachi OPS Center Administrator Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | 5.5 |
| 2023-08-23 | CVE-2023-39986 | Out-of-bounds Read vulnerability in Hitachi Eh-View ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. | 5.5 |
| 2023-05-24 | CVE-2023-1158 | Incorrect Authorization vulnerability in Hitachi products Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | 4.3 |
| 2023-05-23 | CVE-2023-30469 | Cross-site Scripting vulnerability in Hitachi OPS Center Analyzer 10.9.100 Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. | 6.1 |
| 2023-04-03 | CVE-2022-3960 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | 6.3 |
| 2023-04-03 | CVE-2022-43771 | Path Traversal vulnerability in Hitachi Vantara Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | 6.5 |