| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-43940 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization | Hitachi Vantara | Pentaho Business Analytics Server | High | 8.8 | 2023-04-03 18:25:33 | Deep Dive |
| CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions | Hitachi Vantara | Pentaho Business Analytics Server | High | 8.6 | 2023-04-03 18:10:32 | Deep Dive |
| CVE-2022-43938 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Hitachi Vantara | Pentaho Business Analytics Server | High | 8.8 | 2023-04-03 18:06:54 | Deep Dive |
| CVE-2022-43773 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource | Hitachi Vantara | Pentaho Business Analytics Server | High | 8.8 | 2023-04-03 17:59:17 | Deep Dive |
| CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Hitachi Vantara | Pentaho Business Analytics Server | High | 8.8 | 2023-04-03 17:47:46 | Deep Dive |
| CVE-2021-45448 | Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds. | Hitachi Vantara | Pentaho Business Analytics Server | High | 7.1 | 2022-11-02 15:12:25 | Deep Dive |
| CVE-2021-45447 | Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text | Hitachi Vantara | Pentaho Business Analytics Server | High | 7.7 | 2022-11-02 14:56:02 | Deep Dive |
| CVE-2021-45446 | Pentaho Business Analytics Server - Exposure of Information Through Directory Listing | Hitachi Vantara | Pentaho Business Analytics Server | Medium | 5.0 | 2022-11-02 14:26:02 | Deep Dive |
| CVE-2021-28052 | Hitachi Content Platform Information Disclosure Vulnerability | Hitachi Vantara | Hitachi Content Platform | High | 7.5 | 2022-09-26 15:10:26 | Deep Dive |