cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-28981,https://securityvulnerability.io/vulnerability/CVE-2024-28981,Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed,"Hitachi Vantara Pentaho Data Integration & Analytics has a vulnerability that exposes database passwords when searching metadata fields that are injectable. This flaw affects versions prior to 10.1.0.0 and 9.3.0.8, as well as the 8.3.x series. The identification of insufficiently protected credentials can potentially lead to unauthorized access to sensitive data, demanding prompt attention and remediation to maintain the integrity and confidentiality of the information handled by the application.",Hitachi,Pentaho Data Integration & Analytics,8.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-12T00:15:00.000Z,0
CVE-2023-5617,https://securityvulnerability.io/vulnerability/CVE-2023-5617,Server Error Discloses Tomcat Version in Hitachi Vantara Pentaho Data Integration & Analytics Versions,"
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.



",Hitachi,Pentaho Data Integration & Analytics,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-28T22:30:40.128Z,0
CVE-2023-3517,https://securityvulnerability.io/vulnerability/CVE-2023-3517,Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers  ('Resource Injection'),"
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 
8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

",Hitachi,Pentaho Data Integration & Analytics,8.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-12-12T23:15:00.000Z,0