Vulnerabilities > Hitachi > Vantara Pentaho > 7.1.0.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-08 | CVE-2021-31599 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 8.8 |
| 2021-11-08 | CVE-2021-31600 | Files or Directories Accessible to External Parties vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 4.3 |
| 2021-11-08 | CVE-2021-31601 | Unspecified vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 6.5 |
| 2021-11-08 | CVE-2021-31602 | Improper Authentication vulnerability in Hitachi products An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 7.5 |
| 2021-11-08 | CVE-2021-34684 | SQL Injection vulnerability in Hitachi Vantara Pentaho Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | 9.8 |
| 2021-11-08 | CVE-2021-34685 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. | 7.2 |
| 2021-01-29 | CVE-2020-24669 | Cross-site Scripting vulnerability in Hitachi Vantara Pentaho The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 5.4 |
| 2021-01-29 | CVE-2020-24666 | Cross-site Scripting vulnerability in Hitachi Vantara Pentaho The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 5.4 |