Vulnerabilities > Hitachi > Vantara Pentaho > 9.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-11-08 CVE-2021-31599 Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi CWE-434
6.5
2021-11-08 CVE-2021-31600 Files or Directories Accessible to External Parties vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi CWE-552
4.0
2021-11-08 CVE-2021-31601 Unspecified vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi
4.0
2021-11-08 CVE-2021-31602 Improper Authentication vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi CWE-287
5.0
2021-11-08 CVE-2021-34684 SQL Injection vulnerability in Hitachi Vantara Pentaho
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
network
low complexity
hitachi CWE-89
7.5
2021-11-08 CVE-2021-34685 Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types.
network
low complexity
hitachi CWE-434
6.5
2021-01-29 CVE-2020-24669 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
hitachi CWE-79
3.5
2021-01-29 CVE-2020-24666 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
hitachi CWE-79
3.5