Shodan
Vulnerabilities
Vulnerable Software
Hitachi:  >> Vantara Pentaho Business Analytics Server  Security Vulnerabilities
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
CVSS Score
8.0
EPSS Score
0.005
Published
2023-05-24
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-24
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 
CVSS Score
8.8
EPSS Score
0.171
Published
2023-04-03
CVE-2022-43939
Known exploited
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS Score
8.6
EPSS Score
0.867
Published
2023-04-03
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
CVSS Score
8.8
EPSS Score
0.002
Published
2023-04-03
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-03
CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 
CVSS Score
4.3
EPSS Score
0.002
Published
2023-04-03
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
CVSS Score
4.3
EPSS Score
0.002
Published
2023-04-03
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
CVSS Score
5.4
EPSS Score
0.003
Published
2023-04-03
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 
CVSS Score
6.3
EPSS Score
0.001
Published
2023-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved