Vulnerabilities
Vulnerable Software
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin expose a service endpoint for CSV import that allows a user-supplied path to access resources that are out of bounds.
CVSS Score
6.5
EPSS Score
0.104
Published
2023-04-03
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, with the Big Data Plugin expose the username and password of clusters in clear text in system logs.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-04-03
CVE-2022-43769
Known exploited
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, allows certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS Score
8.8
EPSS Score
0.938
Published
2023-04-03
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is installed with a sample HSQLDB data source configured with stored procedures enabled.
CVSS Score
8.8
EPSS Score
0.08
Published
2023-04-03