Vulnerabilities > Hitachi > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-03 CVE-2022-43772 Information Exposure Through Log Files vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 
network
low complexity
hitachi CWE-532
6.5
2023-04-03 CVE-2022-43941 XXE vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
network
low complexity
hitachi CWE-611
6.5
2023-04-03 CVE-2022-4769 Information Exposure Through an Error Message vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 
network
low complexity
hitachi CWE-209
4.3
2023-04-03 CVE-2022-4770 Information Exposure Through an Error Message vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
network
low complexity
hitachi CWE-209
4.3
2023-04-03 CVE-2022-4771 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
network
low complexity
hitachi CWE-79
6.1
2022-12-21 CVE-2021-4266 Cross-site Scripting vulnerability in Hitachi Community Plugin Framework
A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80.
network
low complexity
hitachi CWE-79
6.1
2022-11-02 CVE-2021-45448 Path Traversal vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
network
low complexity
hitachi CWE-22
6.5
2022-11-01 CVE-2020-36605 Incorrect Default Permissions vulnerability in Hitachi products
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
local
low complexity
hitachi CWE-276
4.4
2022-11-01 CVE-2022-3191 Information Exposure Through Log Files vulnerability in Hitachi OPS Center Analyzer
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00
local
low complexity
hitachi CWE-532
5.5
2022-11-01 CVE-2022-41553 Information Exposure Through Log Files vulnerability in Hitachi products
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
local
low complexity
hitachi CWE-532
5.5