Vantara Pentaho Data Integration And Analytics
Vulnerabilities: 3
Known exploited: 0
Max CVSS: 9.1
Top EPSS: 0.00382
Severity breakdown
Critical: 1
High: 1
Medium: 1
Low: 0
Affected version ranges
< 10.2.0.6, < 10.2.0.7, < 9.3.0.6
Also matched as (raw): vantara_pentaho_data_integration_and_analytics
Top vulnerabilities
CVE-2025-11158
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to RCE.
CVE-2025-11159
All versions of Hitachi Vantara Pentaho Data Integration & Analytics contain a JDBC driver for H2 databases that is vulnerable to external script execution when a new connection is created by a data source administrator.
CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.