Vulnerabilities (CVE)

Filtered by vendor Hitachi
Filtered by product Vantara Pentaho Data Integration And Analytics
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-2255 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-18 N/A 4.3 MEDIUM
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not be able to see those credentials directly, the defect is mitigated by the fact that the user can already leverage them to submit jobs under the same account through the backend API.
CVE-2026-2254 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-18 N/A 6.3 MEDIUM
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, do not apply ACLs on certain API endpoints related to platform mail notifications.
CVE-2026-2253 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-18 N/A 7.7 HIGH
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities.
CVE-2025-11159 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-17 N/A 9.1 CRITICAL
All versions of Hitachi Vantara Pentaho Data Integration & Analytics contain a JDBC driver for H2 databases that is vulnerable to external script execution when a new connection is created by a data source administrator.
CVE-2025-11158 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-17 N/A 9.1 CRITICAL
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to remote code execution (RCE).
CVE-2023-5617 1 Hitachi 1 Vantara Pentaho Data Integration And Analytics 2026-06-17 N/A 5.3 MEDIUM
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.