Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for vantara_pentaho_data_integration_and_analytics by hitachi

    CVE-2026-2255 (GCVE-0-2026-2255)

    Vulnerability from nvd – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:31.690560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:39.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:57:46.206Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2255",
        "datePublished": "2026-05-27T02:51:31.793Z",
        "dateReserved": "2026-02-09T15:09:09.473Z",
        "dateUpdated": "2026-05-27T18:00:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2254 (GCVE-0-2026-2254)

    Vulnerability from nvd – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:59:55.849274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:14.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:46:36.132Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical  Resource",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2254",
        "datePublished": "2026-05-27T02:46:36.132Z",
        "dateReserved": "2026-02-09T15:09:08.406Z",
        "dateUpdated": "2026-05-27T18:00:14.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2253 (GCVE-0-2026-2253)

    Vulnerability from nvd – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper restriction of XML external entity reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:51.429151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:59.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper restriction of XML external entity reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:54:25.857Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity  Reference",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2253",
        "datePublished": "2026-05-27T02:54:25.857Z",
        "dateReserved": "2026-02-09T15:09:06.755Z",
        "dateUpdated": "2026-05-27T18:00:59.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11159 (GCVE-0-2025-11159)

    Vulnerability from nvd – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 1.0 , < 11.0 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:44:30.743315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:36.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan  from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-310",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-310 Scanning for Vulnerable Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:36:43.720Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party  Component",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11159",
        "datePublished": "2026-05-13T05:36:43.720Z",
        "dateReserved": "2025-09-29T14:53:44.917Z",
        "dateUpdated": "2026-05-13T14:44:36.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11158 (GCVE-0-2025-11158)

    Vulnerability from nvd – Published: 2026-03-09 22:12 – Updated: 2026-03-10 18:42
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , ≤ 9.3.* (maven)
    Affected: 10.0 , < 10.2.0.6 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T14:34:15.156923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T14:34:25.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-10T18:42:40.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.ox.security/blog/cve-2025-11158/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.*",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6, including 9.3.x and\u0026nbsp;8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u0026nbsp;arbitrary scripts and leading to a RCE."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6, including 9.3.x and\u00a08.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u00a0arbitrary scripts and leading to a RCE."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T22:12:51.587Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.pentaho.com/hc/en-us/articles/39975058295821--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Missing-Authorization-Versions-before-10-2-0-6-impacted-CVE-2025-11158"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11158",
        "datePublished": "2026-03-09T22:12:51.587Z",
        "dateReserved": "2025-09-29T14:53:43.455Z",
        "dateUpdated": "2026-03-10T18:42:40.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5617 (GCVE-0-2023-5617)

    Vulnerability from nvd – Published: 2024-02-28 22:30 – Updated: 2024-08-29 14:47
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-550 - Server-generated Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration & Analytics Affected: 1.0 , < 9.3.0.6 (maven)
    Affected: 9.4.0.0 , < 10.1.0.0 (maven)
    Create a notification for this product.
    hitachi_vantara pentaho_data_integration_\&_analytics Affected: 1.0 , < 9.3.0.6 (custom)
    Affected: 9.4.0.0 , < 10.1.0.0 (custom)
        cpe:2.3:a:hitachi_vantara:pentaho_data_integration_\&_analytics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_vantara:pentaho_data_integration_\\\u0026_analytics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pentaho_data_integration_\\\u0026_analytics",
                "vendor": "hitachi_vantara",
                "versions": [
                  {
                    "lessThan": "9.3.0.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.1.0.0",
                    "status": "affected",
                    "version": "9.4.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5617",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T18:28:22.655674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T14:47:10.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration \u0026 Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "9.3.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "10.1.0.0",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eHitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.1.0.0 and 9.3.0.6, including\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\u003c/span\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\nHitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.1.0.0 and 9.3.0.6, including\u00a09.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-170",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-170 Web Application Fingerprinting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-550",
                  "description": "CWE-550: Server-generated Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-28T22:30:40.128Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Server-generated Error Message Containing  Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2023-5617",
        "datePublished": "2024-02-28T22:30:40.128Z",
        "dateReserved": "2023-10-17T15:42:11.661Z",
        "dateUpdated": "2024-08-29T14:47:10.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-2253 (GCVE-0-2026-2253)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper restriction of XML external entity reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:51.429151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:59.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper restriction of XML external entity reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:54:25.857Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity  Reference",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2253",
        "datePublished": "2026-05-27T02:54:25.857Z",
        "dateReserved": "2026-02-09T15:09:06.755Z",
        "dateUpdated": "2026-05-27T18:00:59.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2255 (GCVE-0-2026-2255)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:31.690560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:39.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:57:46.206Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2255",
        "datePublished": "2026-05-27T02:51:31.793Z",
        "dateReserved": "2026-02-09T15:09:09.473Z",
        "dateUpdated": "2026-05-27T18:00:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2254 (GCVE-0-2026-2254)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:59:55.849274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:14.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:46:36.132Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical  Resource",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2254",
        "datePublished": "2026-05-27T02:46:36.132Z",
        "dateReserved": "2026-02-09T15:09:08.406Z",
        "dateUpdated": "2026-05-27T18:00:14.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11159 (GCVE-0-2025-11159)

    Vulnerability from cvelistv5 – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 1.0 , < 11.0 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:44:30.743315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:36.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan  from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-310",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-310 Scanning for Vulnerable Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:36:43.720Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party  Component",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11159",
        "datePublished": "2026-05-13T05:36:43.720Z",
        "dateReserved": "2025-09-29T14:53:44.917Z",
        "dateUpdated": "2026-05-13T14:44:36.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11158 (GCVE-0-2025-11158)

    Vulnerability from cvelistv5 – Published: 2026-03-09 22:12 – Updated: 2026-03-10 18:42
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , ≤ 9.3.* (maven)
    Affected: 10.0 , < 10.2.0.6 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T14:34:15.156923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T14:34:25.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-10T18:42:40.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.ox.security/blog/cve-2025-11158/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.*",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6, including 9.3.x and\u0026nbsp;8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u0026nbsp;arbitrary scripts and leading to a RCE."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6, including 9.3.x and\u00a08.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u00a0arbitrary scripts and leading to a RCE."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T22:12:51.587Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.pentaho.com/hc/en-us/articles/39975058295821--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Missing-Authorization-Versions-before-10-2-0-6-impacted-CVE-2025-11158"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11158",
        "datePublished": "2026-03-09T22:12:51.587Z",
        "dateReserved": "2025-09-29T14:53:43.455Z",
        "dateUpdated": "2026-03-10T18:42:40.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5617 (GCVE-0-2023-5617)

    Vulnerability from cvelistv5 – Published: 2024-02-28 22:30 – Updated: 2024-08-29 14:47
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-550 - Server-generated Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration & Analytics Affected: 1.0 , < 9.3.0.6 (maven)
    Affected: 9.4.0.0 , < 10.1.0.0 (maven)
    Create a notification for this product.
    hitachi_vantara pentaho_data_integration_\&_analytics Affected: 1.0 , < 9.3.0.6 (custom)
    Affected: 9.4.0.0 , < 10.1.0.0 (custom)
        cpe:2.3:a:hitachi_vantara:pentaho_data_integration_\&_analytics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_vantara:pentaho_data_integration_\\\u0026_analytics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pentaho_data_integration_\\\u0026_analytics",
                "vendor": "hitachi_vantara",
                "versions": [
                  {
                    "lessThan": "9.3.0.6",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.1.0.0",
                    "status": "affected",
                    "version": "9.4.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5617",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T18:28:22.655674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T14:47:10.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration \u0026 Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "9.3.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "10.1.0.0",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eHitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.1.0.0 and 9.3.0.6, including\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\u003c/span\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\nHitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.1.0.0 and 9.3.0.6, including\u00a09.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-170",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-170 Web Application Fingerprinting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-550",
                  "description": "CWE-550: Server-generated Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-28T22:30:40.128Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Server-generated Error Message Containing  Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2023-5617",
        "datePublished": "2024-02-28T22:30:40.128Z",
        "dateReserved": "2023-10-17T15:42:11.661Z",
        "dateUpdated": "2024-08-29T14:47:10.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }