Get a grip on your data

With battle-tested solutions and a focus on foundational strength,

Pentaho+ helps you meet the challenges of an AI-driven world.

★ Security Vulnerability Information For Pentaho Software
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24911)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24908)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24910)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24909)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24907)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-0758)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-0757)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-0756)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-37361)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-37360)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-6696)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-37359)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-6697)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-5705)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.2.0.0 and 9.3.0.8, including 8.3.x Impacted (CVE-2024-37362)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization - Versions before 10.2.0.0 and 9.3.0.8, including 8.3.x Impacted (CVE-2024-37363)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') - Versions before 10.2.0.0 and 9.3.0.9, including 8.3.x Impacted (CVE-2024-5706)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28984)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28983)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28982)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.1.0.0, including 9.3.x and 8.3.x impacted (CVE-2024-28981)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information - Versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x Impacted (CVE-2023-5617)
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') - Versions before 9.5.0.1 and 9.3.0.5, including 8.3.x Impacted (CVE-2023-3517)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format - Versions before 9.5.0.0 and 9.3.0.4, including 8.3.x Impacted (CVE-2023-2358)
(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation - Versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 Impacted (CVE-2022-3695)
(Resolved) Pentaho BA Server - Incorrect Authorization - Versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 Impacted (CVE-2022-43770)
(Resolved) Pentaho BA Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940) (CVE-2022-3960)
(Resolved) Pentaho BA Server - Improper Restriction of XML External Entity Reference - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940) (CVE-2022-43941)
(Resolved) Pentaho BA Server - Incorrect Authorization - Versions before 9.4.0.1 and 9.3.0.2, including 8.3.x Impacted (CVE-2022-43940)