Skip to main content

Vantara Pentaho

7 CVEs product

Monthly

CVE-2023-1158 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vantara Pentaho Vantara Pentaho Business Analytics Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-34685 HIGH POC This Week

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-34684 CRITICAL POC Act Now

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vantara Pentaho
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2021-31602 HIGH POC THREAT This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
7.5
EPSS
51.7%
CVE-2021-31601 MEDIUM POC This Month

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-31600 MEDIUM POC This Month

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-31599 HIGH POC This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
8.8
EPSS
2.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vantara Pentaho Vantara Pentaho Business Analytics Server
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vantara Pentaho
NVD
EPSS 52% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Vantara Pentaho +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Vantara Pentaho +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy