Filtered by vendor Hitachi
Subscriptions
Total
195 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 2.7 Low |
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | ||||
CVE-2021-34684 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 9.8 Critical |
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | ||||
CVE-2021-31602 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 5.3 Medium |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials. | ||||
CVE-2021-31601 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 7.1 High |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials. | ||||
CVE-2021-31600 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames. | ||||
CVE-2021-31599 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 8.8 High |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | ||||
CVE-2021-29645 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Job Management Partner 1\/it Desktop Management 2-manager and 12 more | 2024-11-21 | 7 High |
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | ||||
CVE-2021-29644 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Job Management Partner 1\/it Desktop Management 2-manager and 12 more | 2024-11-21 | 8.1 High |
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS. | ||||
CVE-2021-20741 | 1 Hitachi | 1 Application Server V10 Manual | 2024-11-21 | 6.1 Medium |
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
CVE-2021-20740 | 2 Hitachi, Nec | 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more | 2024-11-21 | 8.8 High |
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | ||||
CVE-2020-36695 | 2 Hitachi, Linux | 6 Compute Systems Manager, Device Manager, Replication Manager and 3 more | 2024-11-21 | 6.6 Medium |
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08. | ||||
CVE-2020-36652 | 2 Hitachi, Linux | 6 Automation Director, Infrastructure Analytics Advisor, Ops Center Analyzer and 3 more | 2024-11-21 | 6.6 Medium |
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | ||||
CVE-2020-36611 | 2 Hitachi, Linux | 2 Tuning Manager, Linux Kernel | 2024-11-21 | 6.6 Medium |
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00. | ||||
CVE-2020-36605 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2024-11-21 | 6.6 Medium |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | ||||
CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | ||||
CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | ||||
CVE-2020-24665 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 6.5 Medium |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA | ||||
CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
CVE-2019-17360 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more | 2024-11-21 | 7.5 High |
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. |