Page 2 of 14 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. • https://support.pentaho.com/hc/en-us/articles/14454594588045--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Insertion-of-Sensitive-Information-into-Log-File-Versions-before-9-4-0-0-and-9-3-0-1-including-8-3-x-Impacted-CVE-2022-43772- • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. • https://support.pentaho.com/hc/en-us/articles/14456813547917--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Directives-in-Statically-Saved-Code-Static-Code-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-3960- • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. • https://support.pentaho.com/hc/en-us/articles/14456719346957--Resolved-Pentaho-BA-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-43941- • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. • https://support.pentaho.com/hc/en-us/articles/14455007818509--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Limitation-of-a-Pathname-to-a-Restricted-Directory-Path-Traversal-Versions-before-9-4-0-0-and-9-3-0-1-including-8-3-x-Impacted-CVE-2022-43771- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. • https://support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BA-Server-Incorrect-Authorization-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940- • CWE-863: Incorrect Authorization •