Filtered by vendor Hitachi Subscriptions
Total 195 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-43940 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 8.8 High
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
CVE-2022-43939 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 8.6 High
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 
CVE-2022-43941 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 7.1 High
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
CVE-2022-43769 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 8.8 High
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 
CVE-2022-43772 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 3.8 Low
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 
CVE-2022-43773 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 8.8 High
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 
CVE-2022-43771 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 6.5 Medium
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.  
CVE-2022-41553 2 Hitachi, Linux 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel 2024-08-03 6.5 Medium
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
CVE-2022-41552 3 Hitachi, Linux, Microsoft 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more 2024-08-03 9.8 Critical
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
CVE-2022-37680 1 Hitachi 2 Hc-ip9100hd, Hc-ip9100hd Firmware 2024-08-03 7.5 High
An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
CVE-2022-37681 1 Hitachi 2 Hc-ip9100hd, Hc-ip9100hd Firmware 2024-08-03 7.5 High
Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
CVE-2022-34881 3 Hitachi, Linux, Microsoft 3 Jp1\/automatic Operation, Linux Kernel, Windows 2024-08-03 3.3 Low
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.
CVE-2022-34883 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2024-08-03 7.2 High
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-34882 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2024-08-03 9 Critical
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-4895 2 Hitachi, Linux 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel 2024-08-03 8.6 High
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
CVE-2022-4769 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 4.3 Medium
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 
CVE-2022-4815 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2024-08-03 8 High
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
CVE-2022-4770 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 4.3 Medium
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
CVE-2022-4771 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2024-08-03 5.4 Medium
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
CVE-2022-4441 1 Hitachi 1 Storage Plug-in 2024-08-03 7.6 High
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.