Skip to main content

Pentaho Business Analytics Server

3 CVEs product

Monthly

CVE-2024-28984 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28983 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28982 HIGH This Week

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pentaho Business Analytics Server
NVD
CVSS 3.1
8.2
EPSS
0.4%
EPSS 0% CVSS 6.1
MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pentaho Business Analytics Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy