Hitachi Vantara Pentaho Data Integration & Analytics JNDI Resource Injection Vulnerability

Vulnerability

A vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue arises from improper validation of JNDI identifiers when creating Community Dashboards, allowing unauthorized control over system-level data sources. This could enable access to or modification of sensitive data or system resources, potentially leading to remote code execution by unauthorized users.

Impact

Exploitation of this vulnerability could allow unauthorized users to access or modify sensitive data and system resources, including protected files and directories containing configuration details and other sensitive information. Such access could facilitate remote code execution.

Remediation

Users can upgrade to Hitachi Vantara Pentaho Data Integration & Analytics version 10.2.0.0 or 9.3.0.9 to address this vulnerability.
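As an added example (not vendor or page code), the script below triages a constructed inventory of Pentaho versions against the fixed releases named above. The host names and the `triage` helper are hypothetical, and it assumes 9.3.0.9 fixes only the 9.3 line, so every other release below 10.2.0.0 counts as affected.

```python
import re

# Fixed releases named in the advisory.
FIXED_MAINLINE = (10, 2, 0, 0)
FIXED_9_3_LINE = (9, 3, 0, 9)


def parse_version(text):
    """Turn '9.3.0.4' or '10.1' into a 4-part tuple; raise ValueError if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text):
    """True if the version predates the fix available on its release line."""
    v = parse_version(version_text)
    if v >= FIXED_MAINLINE:
        return False
    # Assumption: the 9.3.0.9 fix covers only the 9.3 line; other
    # releases below 10.2.0.0 (8.3.x, 9.4+, 10.0, 10.1) have no fix.
    if v[:2] == (9, 3):
        return v < FIXED_9_3_LINE
    return True


def triage(inventory):
    """Map each host to 'affected', 'fixed', or 'unknown' (unparseable version)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "fixed"
        except ValueError:
            # Do not guess: an unparseable version needs manual review.
            result[host] = "unknown"
    return result


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "bi-legacy": "8.3.0.27",
    "bi-prod": "9.3.0.9",
    "bi-stage": "10.1.0.0",
    "bi-dev": "10.2-SNAPSHOT",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed fixed.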

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.