Hitachi: >> Vantara Pentaho Data Integration And Analytics Security Vulnerabilities
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-13
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-03-10
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-02-28