Security Updates
- ★ (Resolved) Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference - Versions before 10.2.0.7 and 11.0.0.0 Impacted (CVE- 2026-2253)
- ★ (Resolved) Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource - Versions before 10.2.0.6 and 11.0.0.0 Impacted (CVE- 2026-2254)
- ★ (Resolved) Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.2.0.6 and 11.0.0.0 Impacted (CVE- 2026-2255)
- ★ (Resolved) Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component - Versions before 10.2.0.7 and 11.0.0.0 Impacted (CVE-2025-11159)
- ★ Security Vulnerability Information For Pentaho Software
- (Resolved) Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information - Versions before 10.2.0.4 Impacted (CVE-2025-9122)
- (Resolved) Pentaho Business Analytics Server - Deserialization of Untrusted Data - Versions before 10.2.0.4 Impacted (CVE-2025-9121)
- (Resolved) Pentaho Data Integration & Analytics - Missing Authorization - Versions before 10.2.0.6 impacted (CVE-2025-11158)
- (Resolved) Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - Versions before 10.2.0.2 Impacted (CVE-2025-24911)
- (Resolved) Pentaho Data Integration & Analytics – Path Traversal - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-24908)
- (Resolved) Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - Versions before 10.2.0.2 Impacted (CVE-2025-24910)
- (Resolved) Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.2 Impacted (CVE-2025-24909)
- (Resolved) Pentaho Data Integration & Analytics – Path Traversal - Versions before 10.2.0.2 Impacted (CVE-2025-24907)
- (Resolved) Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource - Versions before 10.2.0.2 Impacted (CVE-2025-0758)
- (Resolved) Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.2 Impacted (CVE-2025-0757)
- (Resolved) Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') - Versions before 10.2.0.2 Impacted (CVE-2025-0756)
- (Resolved) Pentaho Business Analytics Server - Deserialization of Untrusted Data - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-37361)
- (Resolved) Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-37360)
- (Resolved) Pentaho Business Analytics Server - Insufficient Granularity of Access Control - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-6696)
- (Resolved) Pentaho Business Analytics Server – Server Side Request Forgery - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-37359)
- (Resolved) Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-6697)
- (Resolved) Pentaho Business Analytics Server - Incorrect Authorization - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-5705)
- (Resolved) Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.2.0.0 and 9.3.0.8 Impacted (CVE-2024-37362)
- (Resolved) Pentaho Business Analytics Server - Incorrect Authorization - Versions before 10.2.0.0 and 9.3.0.8 Impacted (CVE-2024-37363)
- (Resolved) Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') - Versions before 10.2.0.0 and 9.3.0.9 Impacted (CVE-2024-5706)
- (Resolved) Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28984)
- (Resolved) Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28983)
- (Resolved) Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference - versions before 10.1.0.0 and 9.3.0.7, including 8.3.x Impacted (CVE-2024-28982)
- (Resolved) Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.1.0.0, including 9.3.x and 8.3.x impacted (CVE-2024-28981)
- (Resolved) Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information - Versions before 10.1.0.0 and 9.3.0.6 Impacted (CVE-2023-5617)