CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28981 – Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2024-28981
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. • https://support.pentaho.com/hc/en-us/articles/27569056997261--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-1-0-0-including-9-3-x-and-8-3-x-impacted-CVE-2024-28981 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28984 – Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
https://notcve.org/view.php?id=CVE-2024-28984
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Hitachi Vantara Pentaho Business Analytics Server anterior a las versiones 10.1.0.0 y 9.3.0.7, incluida la 8.3.x, permite que una URL maliciosa inyecte contenido en la interfaz del complemento del analizador. • https://support.pentaho.com/hc/en-us/articles/27569319605901-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28984 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28983 – Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
https://notcve.org/view.php?id=CVE-2024-28983
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Hitachi Vantara Pentaho Business Analytics Server anterior a las versiones 10.1.0.0 y 9.3.0.7, incluida la 8.3.x, permite que una URL maliciosa inyecte contenido en la interfaz del complemento del analizador. • https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28982 – Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2024-28982
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 10.1.0.0 y 9.3.0.7, incluida 8.3.x, no protegen correctamente el endpoint del servicio ACL de Pentaho User Console contra la referencia de entidad externa XML. • https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5617 – Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered. Las versiones de Hitachi Vantara Pentaho Data Integration & Analytics anteriores a 10.1.0.0 y 9.3.0.6, incluidas 9.5.x y 8.3.x, muestran la versión de Tomcat cuando se encuentra un error en el servidor. • https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617 • CWE-550: Server-generated Error Message Containing Sensitive Information •