Vulnerabilities (CVE)

Filtered by vendor Hitachi Subscribe
Total 167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1158 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2023-06-01 N/A 4.3 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
CVE-2022-4815 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2023-06-01 N/A 8.8 HIGH
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
CVE-2023-30469 2 Hitachi, Linux 2 Ops Center Analyzer, Linux Kernel 2023-05-30 N/A 6.1 MEDIUM
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.
CVE-2022-41553 2 Hitachi, Linux 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel 2023-05-16 N/A 5.5 MEDIUM
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
CVE-2022-43939 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-05-11 N/A 9.8 CRITICAL
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 
CVE-2022-43769 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-05-11 N/A 7.2 HIGH
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 
CVE-2022-34882 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2023-04-21 N/A 6.5 MEDIUM
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-34883 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2023-04-21 N/A 8.8 HIGH
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-43773 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-12 N/A 8.8 HIGH
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.
CVE-2022-43771 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 6.5 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
CVE-2022-3960 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 6.3 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
CVE-2022-43772 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 6.5 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
CVE-2022-43938 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 8.8 HIGH
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
CVE-2022-43940 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 8.8 HIGH
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
CVE-2022-43941 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 6.5 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
CVE-2022-4770 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 4.3 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
CVE-2022-4769 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 4.3 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.
CVE-2022-4771 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2023-04-10 N/A 6.1 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
CVE-2022-34881 3 Hitachi, Linux, Microsoft 3 Jp1\/automatic Operation, Linux Kernel, Windows 2023-03-24 N/A 3.3 LOW
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.
CVE-2020-36652 2 Hitachi, Linux 6 Automation Director, Infrastructure Analytics Advisor, Ops Center Analyzer and 3 more 2023-03-13 N/A 7.1 HIGH
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.