Vulnerabilities > Hitachi > Vantara Pentaho > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-24 CVE-2023-1158 Incorrect Authorization vulnerability in Hitachi products
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
network
low complexity
hitachi CWE-863
4.3
2022-11-02 CVE-2021-45448 Path Traversal vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
network
low complexity
hitachi CWE-22
6.5
2021-11-08 CVE-2021-31600 Files or Directories Accessible to External Parties vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi CWE-552
4.3
2021-11-08 CVE-2021-31601 Unspecified vulnerability in Hitachi products
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x.
network
low complexity
hitachi
6.5
2021-01-29 CVE-2020-24670 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
2021-01-29 CVE-2020-24669 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
2021-01-29 CVE-2020-24666 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
2021-01-29 CVE-2020-24665 XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition.
network
low complexity
hitachi CWE-776
6.5
2021-01-29 CVE-2020-24664 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4