Vendor CVEs
Hitachi
All CVEs
382 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1245 | Med | 0.42 | 6.5 | 0.00 | May 16, 2025 | Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops… | ||
| CVE-2025-27631 | Med | 0.42 | 6.5 | 0.00 | Mar 25, 2025 | The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website. | ||
| CVE-2024-12169 | Med | 0.42 | 6.5 | 0.00 | Mar 25, 2025 | A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3… | ||
| CVE-2024-6697 | Med | 0.42 | 6.5 | 0.00 | Feb 20, 2025 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. (CWE-280) … | ||
| CVE-2024-37363 | Med | 0.42 | 6.5 | 0.00 | Feb 20, 2025 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an… | ||
| CVE-2017-9295 | Med | 0.42 | 6.5 | 0.01 | May 29, 2017 | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | ||
| CVE-2026-2254 | Med | 0.41 | 6.3 | 0.00 | May 27, 2026 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications. | ||
| CVE-2024-37362 | Med | 0.41 | 6.3 | 0.00 | Feb 20, 2025 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including… | ||
| CVE-2025-0758 | Med | 0.40 | 6.1 | 0.00 | Apr 16, 2025 | Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2,… | ||
| CVE-2025-27632 | Med | 0.40 | 6.1 | 0.00 | Mar 25, 2025 | A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning. | ||
| CVE-2017-9297 | Med | 0.40 | 6.1 | 0.01 | May 29, 2017 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | ||
| CVE-2017-9296 | Med | 0.40 | 6.1 | 0.01 | May 29, 2017 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | ||
| CVE-2025-10217 | Med | 0.39 | — | 0.00 | Sep 30, 2025 | A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting… | ||
| CVE-2025-65116 | Med | 0.36 | 5.5 | 0.00 | Apr 7, 2026 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management… | ||
| CVE-2025-2300 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2025 | Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00. | ||
| CVE-2023-6814 | Med | 0.36 | 5.6 | 0.00 | Mar 12, 2024 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before… | ||
| CVE-2024-8201 | Med | 0.35 | 5.4 | 0.00 | May 16, 2025 | Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00. | ||
| CVE-2017-9298 | Med | 0.35 | 5.4 | 0.01 | May 29, 2017 | Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | ||
| CVE-2025-2514 | Med | 0.34 | 5.3 | 0.00 | May 7, 2026 | Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual… | ||
| CVE-2025-9122 | Med | 0.34 | 5.3 | 0.00 | Dec 15, 2025 | Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet. | ||
| CVE-2025-27524 | Med | 0.34 | 5.3 | 0.00 | May 15, 2025 | Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through… | ||
| CVE-2024-9928 | Med | 0.34 | 5.3 | 0.00 | Nov 26, 2024 | A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the… | ||
| CVE-2025-24911 | Med | 0.32 | 4.9 | 0.00 | Apr 16, 2025 | Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is… | ||
| CVE-2025-24910 | Med | 0.32 | 4.9 | 0.00 | Apr 16, 2025 | Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is… | ||
| CVE-2024-11499 | Med | 0.32 | 4.9 | 0.00 | Mar 25, 2025 | A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU… | ||
| CVE-2024-6696 | Med | 0.32 | 4.9 | 0.00 | Feb 20, 2025 | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control… | ||
| CVE-2026-3314 | Med | 0.30 | 4.6 | 0.00 | May 26, 2026 | Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics… | ||
| CVE-2026-7310 | Med | 0.29 | — | 0.00 | May 26, 2026 | A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code… | ||
| CVE-2025-24909 | Med | 0.29 | 4.4 | 0.00 | Apr 16, 2025 | Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description Hitachi Vantara Pentaho Business Analytics… | ||
| CVE-2025-0757 | Med | 0.29 | 4.4 | 0.00 | Apr 16, 2025 | Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description Hitachi Vantara Pentaho Business Analytics Server… | ||
| CVE-2024-10037 | Med | 0.29 | 4.4 | 0.00 | Mar 25, 2025 | A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of… | ||
| CVE-2024-37360 | Med | 0.29 | 4.4 | 0.00 | Feb 19, 2025 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a… | ||
| CVE-2024-22385 | Med | 0.29 | 4.4 | 0.00 | Jun 25, 2024 | Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4. | ||
| CVE-2023-6833 | Med | 0.29 | 4.4 | 0.00 | Apr 23, 2024 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1. | ||
| CVE-2026-2255 | Med | 0.28 | 4.3 | 0.00 | May 27, 2026 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by… | ||
| CVE-2025-3624 | Med | 0.28 | 4.3 | 0.00 | May 16, 2025 | Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | ||
| CVE-2024-9929 | Med | 0.28 | 4.3 | 0.00 | Nov 26, 2024 | A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. | ||
| CVE-2025-27525 | Low | 0.25 | 3.9 | 0.00 | May 15, 2025 | Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50… | ||
| CVE-2022-43769 | 0.23 | — | 0.98 | KEV | Apr 3, 2023 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | ||
| CVE-2022-43939 | 0.22 | — | 0.92 | KEV | Apr 3, 2023 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. | ||
| CVE-2005-0356 | 0.10 | — | 0.83 | May 31, 2005 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later… | |||
| CVE-2021-31602 | 0.07 | — | 0.52 | Nov 8, 2021 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the… | |||
| CVE-2023-6538 | 0.03 | — | 0.02 | Dec 11, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to… | |||
| CVE-2021-34684 | 0.02 | — | 0.06 | Nov 8, 2021 | Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | |||
| CVE-2005-3164 | 0.01 | — | 0.07 | Oct 6, 2005 | The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an… | |||
| CVE-2003-0564 | 0.01 | — | 0.08 | Dec 1, 2003 | Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected… | |||
| CVE-2025-7737 | 0.00 | — | 0.00 | Jun 19, 2026 | DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI)… | |||
| CVE-2026-2072 | 0.00 | — | 0.00 | Mar 25, 2026 | Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. | |||
| CVE-2026-1166 | 0.00 | — | 0.00 | Mar 25, 2026 | Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8. | |||
| CVE-2025-0976 | 0.00 | — | 0.00 | Feb 25, 2026 | Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00. |
- risk 0.42cvss 6.5epss 0.00
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops…
- risk 0.42cvss 6.5epss 0.00
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
- risk 0.42cvss 6.5epss 0.00
A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3…
- risk 0.42cvss 6.5epss 0.00
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. (CWE-280) …
- risk 0.42cvss 6.5epss 0.00
The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an…
- risk 0.42cvss 6.5epss 0.01
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
- risk 0.41cvss 6.3epss 0.00
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
- risk 0.41cvss 6.3epss 0.00
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including…
- risk 0.40cvss 6.1epss 0.00
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2,…
- risk 0.40cvss 6.1epss 0.00
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
- risk 0.40cvss 6.1epss 0.01
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
- risk 0.40cvss 6.1epss 0.01
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
- risk 0.39cvss —epss 0.00
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting…
- risk 0.36cvss 5.5epss 0.00
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management…
- risk 0.36cvss 5.5epss 0.00
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
- risk 0.36cvss 5.6epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before…
- risk 0.35cvss 5.4epss 0.00
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
- risk 0.34cvss 5.3epss 0.00
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual…
- risk 0.34cvss 5.3epss 0.00
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.
- risk 0.34cvss 5.3epss 0.00
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through…
- risk 0.34cvss 5.3epss 0.00
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the…
- risk 0.32cvss 4.9epss 0.00
Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…
- risk 0.32cvss 4.9epss 0.00
Overview XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…
- risk 0.32cvss 4.9epss 0.00
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU…
- risk 0.32cvss 4.9epss 0.00
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control…
- risk 0.30cvss 4.6epss 0.00
Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics…
- risk 0.29cvss —epss 0.00
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code…
- risk 0.29cvss 4.4epss 0.00
Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description Hitachi Vantara Pentaho Business Analytics…
- risk 0.29cvss 4.4epss 0.00
Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description Hitachi Vantara Pentaho Business Analytics Server…
- risk 0.29cvss 4.4epss 0.00
A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of…
- risk 0.29cvss 4.4epss 0.00
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a…
- risk 0.29cvss 4.4epss 0.00
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.
- risk 0.29cvss 4.4epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1.
- risk 0.28cvss 4.3epss 0.00
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
- risk 0.28cvss 4.3epss 0.00
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.
- risk 0.25cvss 3.9epss 0.00
Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50…
- risk 0.23cvss —epss 0.98
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
- risk 0.22cvss —epss 0.92
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
- CVE-2005-0356May 31, 2005risk 0.10cvss —epss 0.83
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…
- CVE-2021-31602Nov 8, 2021risk 0.07cvss —epss 0.52
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the…
- CVE-2023-6538Dec 11, 2023risk 0.03cvss —epss 0.02
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to…
- CVE-2021-34684Nov 8, 2021risk 0.02cvss —epss 0.06
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
- CVE-2005-3164Oct 6, 2005risk 0.01cvss —epss 0.07
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an…
- CVE-2003-0564Dec 1, 2003risk 0.01cvss —epss 0.08
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected…
- CVE-2025-7737Jun 19, 2026risk 0.00cvss —epss 0.00
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI)…
- CVE-2026-2072Mar 25, 2026risk 0.00cvss —epss 0.00
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
- CVE-2026-1166Mar 25, 2026risk 0.00cvss —epss 0.00
Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.
- CVE-2025-0976Feb 25, 2026risk 0.00cvss —epss 0.00
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
Page 2 of 8