Shodan
Vulnerabilities
Vulnerable Software
Hitachi:  Security Vulnerabilities
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 
CVSS Score
8.8
EPSS Score
0.21
Published
2023-04-03
CVE-2022-43939
Known exploited
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS Score
8.6
EPSS Score
0.867
Published
2023-04-03
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
CVSS Score
8.8
EPSS Score
0.002
Published
2023-04-03
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-03
CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 
CVSS Score
4.3
EPSS Score
0.002
Published
2023-04-03
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
CVSS Score
4.3
EPSS Score
0.002
Published
2023-04-03
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
CVSS Score
5.4
EPSS Score
0.003
Published
2023-04-03
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 
CVSS Score
6.3
EPSS Score
0.001
Published
2023-04-03
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.  
CVSS Score
6.5
EPSS Score
0.104
Published
2023-04-03
CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 
CVSS Score
3.8
EPSS Score
0.001
Published
2023-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved