Filtered by vendor Hitachi
Subscribe
Total
186 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31599 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | |||||
CVE-2021-34684 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | |||||
CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | |||||
CVE-2021-40339 | 1 Hitachi | 1 Linkone | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
CVE-2021-31602 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials. | |||||
CVE-2021-31600 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames. | |||||
CVE-2021-40340 | 1 Hitachi | 1 Linkone | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
CVE-2021-20740 | 2 Hitachi, Nec | 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
CVE-2021-20741 | 1 Hitachi | 1 Application Server V10 Manual | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-3196 | 1 Hitachi | 1 Id Bravura Security Fabric | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user. | |||||
CVE-2020-24665 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA | |||||
CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | |||||
CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | |||||
CVE-2018-21026 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | |||||
CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | |||||
CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. | |||||
CVE-2019-17360 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | |||||
CVE-2018-14735 | 3 Hitachi, Linux, Microsoft | 8 Command Suite, Compute Systems Manager, Device Manager and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. |