Security Updates
- ★ (Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation - Versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 Impacted (CVE-2022-3695)
- ★ (Resolved) Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization - Versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 Impacted (CVE-2022-43770)
- ★ Security Vulnerability Information For Pentaho Software
- (Resolved) Pentaho BA Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940) (CVE-2022-3960)
- (Resolved) Pentaho BA Server - Improper Restriction of XML External Entity Reference - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940) (CVE-2022-43941)
- (Resolved) Pentaho BA Server - Incorrect Authorization - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940)
- (Resolved) Pentaho BA Server - Incorrect Authorization - Versions before 9.4.0.1 and 9.3.0.3, including 8.3.x Impacted (CVE-2023-1158)
- (Resolved) Pentaho BA Server - Deserialization of Untrusted Data - Versions before 9.4.0.1 and 9.3.0.3, including 8.3.x Impacted (CVE-2022-4815)
- (Resolved) Pentaho BA Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43769)
- (Resolved) Pentaho BA Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-4771)
- (Resolved) Pentaho BA Server - Use of Non-Canonical URL Paths for Authorization Decisions - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43939)
- (Resolved) Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information - Versions before 9.4.0.0 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-4770)
- (Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - Versions before 9.4.0.0 and 9.3.0.1, including 8.3.x Impacted (CVE-2022-43771)
- (Resolved) Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File - Versions before 9.4.0.0 and 9.3.0.1, including 8.3.x Impacted (CVE-2022-43772)
- (Resolved) Pentaho BA Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43938)
- (Resolved) Pentaho BA Server - Incorrect Permission Assignment for Critical Resource - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43773)
- (Resolved) Pentaho BA Server - Generation of Error Message Containing Sensitive Information - Versions before 9.4.0.0 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-4769)
- IMPORTANT: (Resolved) Pentaho BA Server Directory Listing - Versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 Impacted (CVE-2021-45446)
- IMPORTANT: (Resolved) Pentaho BA Server Data Lineage - Versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 Impacted (CVE-2021-45447)
- IMPORTANT: (Resolved) Pentaho BA Server Analyzer Plugin - Versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 Impacted (CVE-2021-45448)
- log4j 1 and log4j 2 vulnerabilities found in Pentaho and Lumada Software Resolved
- "Critical Flaws Uncovered in Pentaho" article - Known issues explained
- SolarWinds® Orion® Platform Vulnerability
- hirt-sec-2020-601 : Multiple Vulnerabilities in Pentaho
- VFS Connections Vulnerability - Pentaho 9.0.0.0 – 9.0.0.6 Impacted
- Ripple20 Vulnerability, August 2020 - Pentaho Not Impacted
- Tomcat 8.5.50 Vulnerability, April 2020 - Pentaho Impacted
- Apache Struts Vulnerability, April 2017 - Pentaho Not Impacted