Aggregates CVE and security vulnerability intelligence across all hitachivantara-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk csrf, with potential vendor impact session compromise across vendor surface archive handling and vendor surface file processing use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-2358 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | [email protected] | 4.3 | 0.23% | 2023-09-27 | 2026-06-17 |
| CVE-2022-43770 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. | [email protected] | 5.4 | 0.48% | 2023-04-11 | 2026-06-17 |
| CVE-2022-3695 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present. | [email protected] | 6.5 | 0.42% | 2023-04-11 | 2026-06-17 |
| CVE-2016-10701 | In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | [email protected] | 8.8 | 0.77% | 2017-11-27 | 2026-06-16 |