Shodan
Vulnerabilities
Vulnerable Software
Hitachi:  Security Vulnerabilities
CVE-2023-1158
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
CVSS Score
4.3
EPSS Score
0.004
Published
2023-05-24
CVE-2023-30469
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.
CVSS Score
7.6
EPSS Score
0.004
Published
2023-05-23
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 
CVSS Score
8.8
EPSS Score
0.266
Published
2023-04-03
CVE-2022-43939
Known exploited
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS Score
8.6
EPSS Score
0.923
Published
2023-04-03
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
CVSS Score
8.8
EPSS Score
0.006
Published
2023-04-03
CVE-2022-43941
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
CVSS Score
7.1
EPSS Score
0.005
Published
2023-04-03
CVE-2022-4769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 
CVSS Score
4.3
EPSS Score
0.004
Published
2023-04-03
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
CVSS Score
4.3
EPSS Score
0.004
Published
2023-04-03
CVE-2022-4771
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
CVSS Score
5.4
EPSS Score
0.004
Published
2023-04-03
CVE-2022-3960
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 
CVSS Score
6.3
EPSS Score
0.005
Published
2023-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved