Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
High

CVE-2022-43769

Disclosure Date: April 03, 2023 (last updated February 14, 2025)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
2
1
Attacker Value
Moderate

CVE-2022-43939

Disclosure Date: April 03, 2023 (last updated February 14, 2025)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
2
1
Attacker Value
Unknown

CVE-2023-1158

Disclosure Date: May 24, 2023 (last updated October 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-4815

Disclosure Date: May 24, 2023 (last updated October 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-4771

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-43941

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-43940

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-43938

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3960

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-43773

Disclosure Date: April 03, 2023 (last updated November 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0