Pentaho Business Analytics Server — Vulnerabilities & Security Advisories (28)

All 28 CVE vulnerabilities found in Pentaho Business Analytics Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Hitachi Vantara

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24911 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference CWE-611 | 4.9 | Medium | 2025-04-16 |
| CVE-2025-24910 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference CWE-611 | 4.9 | Medium | 2025-04-16 |
| CVE-2025-24909 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 | 4.4 | Medium | 2025-04-16 |
| CVE-2025-0757 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 | 4.4 | Medium | 2025-04-16 |
| CVE-2025-0758 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource CWE-732 | 6.1 | Medium | 2025-04-16 |
| CVE-2024-28984 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 | 8.8 | High | 2024-06-26 |
| CVE-2024-28983 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 | 8.8 | High | 2024-06-26 |
| CVE-2024-28982 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference CWE-776 | 7.1 | High | 2024-06-26 |
| CVE-2023-2358 | Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format CWE-257 | 4.3 | Medium | 2023-09-26 |
| CVE-2022-4815 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data CWE-502 | 8.0 | High | 2023-05-24 |
| CVE-2023-1158 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization CWE-863 | 4.3 | Medium | 2023-05-24 |
| CVE-2022-43770 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization CWE-863 | 5.4 | Medium | 2023-04-11 |
| CVE-2022-3695 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation CWE-79 | 6.5 | Medium | 2023-04-11 |
| CVE-2022-4771 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 | 5.4 | Medium | 2023-04-03 |
| CVE-2022-4770 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information CWE-209 | 4.3 | Medium | 2023-04-03 |
| CVE-2022-4769 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information CWE-209 | 4.3 | Medium | 2023-04-03 |
| CVE-2022-43772 | Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File CWE-532 | 3.8 | Low | 2023-04-03 |
| CVE-2022-3960 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-96 | 6.3 | Medium | 2023-04-03 |
| CVE-2022-43941 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference CWE-611 | 7.1 | High | 2023-04-03 |
| CVE-2022-43771 | Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 | 6.5 | Medium | 2023-04-03 |
| CVE-2022-43940 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization CWE-863 | 8.8 | High | 2023-04-03 |
| CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions CWE-647 | 8.6 | High | 2023-04-03 |
| CVE-2022-43938 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-96 | 8.8 | High | 2023-04-03 |
| CVE-2022-43773 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource CWE-732 | 8.8 | High | 2023-04-03 |
| CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-74 | 8.8 | High | 2023-04-03 |
| CVE-2021-45448 | Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds. CWE-22 | 7.1 | High | 2022-11-02 |
| CVE-2021-45447 | Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text CWE-319 | 7.7 | High | 2022-11-02 |
| CVE-2021-45446 | Pentaho Business Analytics Server - Exposure of Information Through Directory Listing CWE-548 | 5.0 | Medium | 2022-11-02 |

All 28 known CVE vulnerabilities affecting Pentaho Business Analytics Server with full Chinese analysis, references, and POCs where available.