Vulnerabilities > Hitachivantara
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-2358 | Cleartext Storage of Sensitive Information vulnerability in Hitachivantara Pentaho Business Analytics Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | 4.9 |
| 2023-04-11 | CVE-2022-3695 | Cross-site Scripting vulnerability in Hitachivantara Pentaho Business Analytics 8.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present. | 6.1 |
| 2023-04-11 | CVE-2022-43770 | Incorrect Authorization vulnerability in Hitachivantara Pentaho Business Analytics 8.0 Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. | 8.1 |
| 2017-11-28 | CVE-2016-10701 | Cross-Site Request Forgery (CSRF) vulnerability in Hitachivantara Pentaho Business Analytics In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | 6.8 |