cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-34685,https://securityvulnerability.io/vulnerability/CVE-2021-34685,File Upload Vulnerabilities in Hitachi Vantara Pentaho Business Analytics,"The UploadService in Hitachi Vantara's Pentaho Business Analytics versions up to 9.1 contains a security flaw in its file upload handling. This vulnerability allows authenticated users to bypass file type restrictions, specifically enabling the upload of malicious files. The system fails to adequately verify uploaded files, permitting the upload and execution of a .jsp file, which can lead to remote code execution and compromise system integrity.",Hitachi,Vantara Pentaho,2.7,LOW,0.0340999998152256,false,,false,false,false,,,false,false,,2021-11-08T03:37:53.000Z,0
CVE-2021-34684,https://securityvulnerability.io/vulnerability/CVE-2021-34684,SQL Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics,"The vulnerability in Hitachi Vantara Pentaho Business Analytics through version 9.1 allows an unauthenticated user to execute arbitrary SQL queries. This vulnerability can be exploited via specific URIs, enabling attackers to gain unauthorized access to sensitive data stored within related databases. If exploited, it could lead to severe data breaches, so users should apply the necessary security updates to mitigate the risk.",Hitachi,Vantara Pentaho,9.8,CRITICAL,0.019899999722838402,false,,false,false,false,,,false,false,,2021-11-08T03:34:33.000Z,0
CVE-2021-31602,https://securityvulnerability.io/vulnerability/CVE-2021-31602,Access Control Flaw in Hitachi Vantara Pentaho Products,"A vulnerability affecting Hitachi Vantara Pentaho products, including Pentaho up to version 9.1 and Pentaho Business Intelligence Server up to 7.x, allows unauthenticated users to extract sensitive information. This issue arises from a flaw in the applicationContext security configuration, which fails to restrict access properly. As a result, attackers with no previous knowledge of the system's settings can retrieve critical data without the need for valid credentials.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",5.3,MEDIUM,0.3301900029182434,false,,false,false,false,,,false,false,,2021-11-08T03:30:32.000Z,0
CVE-2021-31601,https://securityvulnerability.io/vulnerability/CVE-2021-31601,Insufficient Access Control in Hitachi Vantara Pentaho and Business Intelligence Server,"In Hitachi Vantara's Pentaho and Pentaho Business Intelligence Server, an issue allows an authenticated user, irrespective of their permission level, to enumerate all database connection details and credentials via web services utilizing the SOAP protocol. This flaw poses significant risks as sensitive information can be easily exposed, enabling unauthorized access to backend systems.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",7.1,HIGH,0.004660000093281269,false,,false,false,false,,,false,false,,2021-11-08T03:27:58.000Z,0
CVE-2021-31600,https://securityvulnerability.io/vulnerability/CVE-2021-31600,User Enumeration Vulnerability in Hitachi Vantara Pentaho Business Intelligence Server,"A vulnerability has been identified in Hitachi Vantara's Pentaho up to version 9.1 and Pentaho Business Intelligence Server up to 7.x, where web services utilizing the SOAP protocol enable authenticated users to enumerate valid usernames within the system. This issue exposes a critical component of user management, allowing any authenticated individual, regardless of their access privileges, to discover all existing usernames, potentially leading to further attacks or unauthorized access attempts.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",4.3,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2021-11-08T03:26:24.000Z,0
CVE-2021-31599,https://securityvulnerability.io/vulnerability/CVE-2021-31599,Remote Code Execution Vulnerability in Hitachi Vantara Pentaho,"A security flaw has been identified in Hitachi Vantara Pentaho systems, which impacts Pentaho up to version 9.1 and Pentaho Business Intelligence Server up to version 7.x. This vulnerability arises from the ability to include BeanShell scripts within reports (.prpt files), which allows an authenticated user to execute arbitrary code on the affected server. This risk poses significant challenges for data integrity and can lead to unauthorized access and manipulation of sensitive information.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",8.8,HIGH,0.005030000116676092,false,,false,false,false,,,false,false,,2021-11-08T03:24:49.000Z,0
CVE-2020-24666,https://securityvulnerability.io/vulnerability/CVE-2020-24666,Stored Cross-Site Scripting in Hitachi Vantara Pentaho,"The Analysis Report feature in Hitachi Vantara Pentaho versions 7.x to 8.x is susceptible to a stored cross-site scripting vulnerability. This flaw allows authenticated remote users to inject and execute arbitrary JavaScript code through the 'Display Name' parameter. Attackers leveraging this vulnerability could potentially manipulate user sessions, steal sensitive information, and conduct phishing attacks. The issue has been addressed and remediated in versions 9.1.0.1 and onwards, emphasizing the importance of updating to secure systems against such risks.",Hitachi,Vantara Pentaho,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-01-29T19:00:06.000Z,0
CVE-2020-24664,https://securityvulnerability.io/vulnerability/CVE-2020-24664,Reflected Cross-Site Scripting Vulnerability in Hitachi Vantara Pentaho Dashboard Editor,"The Hitachi Vantara Pentaho Dashboard Editor exposes a reflected cross-site scripting (XSS) vulnerability that can be exploited by authenticated remote users. The flaw is related to the 'pho:title' attribute within the 'dashboardXml' parameter, allowing attackers to execute arbitrary JavaScript code in the context of the user's session. This can lead to unauthorized actions and data theft. To mitigate the risk, users are advised to update to versions 7.1.0.25, 8.2.0.6, or 8.3.0.0 GA or newer.",Hitachi,Vantara Pentaho,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-01-29T18:56:43.000Z,0
CVE-2020-24670,https://securityvulnerability.io/vulnerability/CVE-2020-24670,Reflected Cross-Site Scripting in Hitachi Vantara Pentaho Dashboard Editor,"The Dashboard Editor in Hitachi Vantara Pentaho versions 7.x through 8.x contains a reflected Cross-Site Scripting vulnerability that can be exploited by authenticated remote users. By manipulating the 'type' attribute of the 'dashboardXml' parameter, an attacker can inject and execute arbitrary JavaScript code within the context of a user's session. This vulnerability poses significant security risks, as it may lead to unauthorized actions on behalf of the user. The vulnerability has been addressed in versions 7.1.0.25, 8.2.0.6, and 8.3.0.0 GA.",Hitachi,Vantara Pentaho,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-01-29T18:50:44.000Z,0
CVE-2020-24669,https://securityvulnerability.io/vulnerability/CVE-2020-24669,DOM-Based Cross-Site Scripting Vulnerability in Hitachi Vantara Pentaho,"Hitachi Vantara Pentaho versions 7.x through 8.x are susceptible to a DOM-based cross-site scripting (XSS) vulnerability. This issue allows authenticated remote users to inject and execute arbitrary JavaScript code through the 'Analysis Report Description' field found in the 'About this Report' section. The vulnerability has been remediated in versions 8.3.0.9, 9.0.0.1, and 9.1.0.0 GA, emphasizing the importance for users to update their installations to ensure system security.",Hitachi,Vantara Pentaho,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-01-29T18:46:36.000Z,0
CVE-2020-24665,https://securityvulnerability.io/vulnerability/CVE-2020-24665,XML Entity Expansion Injection Vulnerability in Hitachi Vantara Pentaho,"The Dashboard Editor in Hitachi Vantara Pentaho versions 7.x and 8.x is susceptible to an XML Entity Expansion injection vulnerability. This issue allows authenticated remote users to exploit the 'dashboardXml' parameter, potentially leading to a denial of service (DoS) condition. To mitigate this risk, users are advised to upgrade to patched versions 7.1.0.25, 8.2.0.6, or 8.3.0.0 GA.",Hitachi,Vantara Pentaho,6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2021-01-29T18:41:03.000Z,0