cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-31602,https://securityvulnerability.io/vulnerability/CVE-2021-31602,Access Control Flaw in Hitachi Vantara Pentaho Products,"A vulnerability affecting Hitachi Vantara Pentaho products, including versions up to 9.1 and Pentaho Business Intelligence Server up to 7.x, allows unauthenticated users to extract sensitive information. This issue arises from a flaw in the applicationContext security configuration, which fails to restrict access properly. As a result, attackers with no previous knowledge of the system’s settings can retrieve critical data without the need for valid credentials.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",5.3,MEDIUM,0.3301900029182434,false,,false,false,false,,,false,false,,2021-11-08T03:30:32.000Z,0
CVE-2021-31601,https://securityvulnerability.io/vulnerability/CVE-2021-31601,Insufficient Access Control in Hitachi Vantara Pentaho and Business Intelligence Server,"In Hitachi Vantara's Pentaho and Pentaho Business Intelligence Server, an issue allows an authenticated user, irrespective of their permission level, to enumerate all database connection details and credentials via web services utilizing the SOAP protocol. This flaw poses significant risks as sensitive information can be easily exposed, enabling unauthorized access to backend systems.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",7.1,HIGH,0.004660000093281269,false,,false,false,false,,,false,false,,2021-11-08T03:27:58.000Z,0
CVE-2021-31600,https://securityvulnerability.io/vulnerability/CVE-2021-31600,User Enumeration Vulnerability in Hitachi Vantara Pentaho Business Intelligence Server,"A vulnerability has been identified in Hitachi Vantara's Pentaho Business Intelligence Server 9.1 and earlier 7.x versions, where web services utilizing the SOAP protocol enable authenticated users to enumerate valid usernames within the system. This issue exposes a critical component of user management, allowing any authenticated individual—regardless of their access privileges—to discover all existing usernames, potentially leading to further attacks or unauthorized access attempts.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",4.3,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2021-11-08T03:26:24.000Z,0
CVE-2021-31599,https://securityvulnerability.io/vulnerability/CVE-2021-31599,Remote Code Execution Vulnerability in Hitachi Vantara Pentaho,"A security flaw has been identified in Hitachi Vantara Pentaho systems, which impacts the Pentaho Business Intelligence Server up to version 9.1 and earlier versions of the Pentaho Business Intelligence Server up to version 7.x. This vulnerability arises from the ability to include BeanShell scripts within reports (.prpt files), which allows an authenticated user to execute arbitrary code on the affected server. This risk poses significant challenges for data integrity and can lead to unauthorized access and manipulation of sensitive information.",Hitachi,"Vantara Pentaho,Vantara Pentaho Business Intelligence Server",8.8,HIGH,0.005030000116676092,false,,false,false,false,,,false,false,,2021-11-08T03:24:49.000Z,0