Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:NHitachi Pentaho Data Integration And Analytics
APPHitachi1.0 – 9.3.0.5 (bez)9.4.0.0 – 9.5.0.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2025-11159CRITICAL9.1PL ✓ten sam vendor
Hitachi Vantara Pentaho – RCE przez podatny sterownik JDBC H2
CVE-2025-11158CRITICAL9.1PL ✓ten sam vendor
RCE przez brak restrykcji skryptów Groovy w raportach PRPT — Pentaho
CVE-2023-34142CRITICAL9.0ten sam vendor
Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Dev...
CVE-2022-41552CRITICAL9.8ten sam vendor
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Ce...
CVE-2022-34882CRITICAL9.0ten sam vendor
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapte...