Hitachi Vantara Pentaho Data Integration & Analytics Improper Control of Resource Identifiers Leading to Data Access and Remote Code Execution Vulnerability

Vulnerability

A vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, including 9.3.x and 8.3.x. The product fails to properly restrict JNDI identifiers when creating platform data sources, which allows resource injection. An attacker could use this flaw to access or modify sensitive data and system resources, including protected files such as configuration files and other sensitive information, and that access could in turn be exploited to execute code remotely.

Impact

Exploitation of this vulnerability could result in unauthorized access to or modification of sensitive data and system resources. It may allow access to protected files and directories, including those containing configuration data and sensitive information, potentially leading to remote code execution by unauthorized users.

Remediation

Users can upgrade to Hitachi Vantara Pentaho Data Integration & Analytics version 10.2.0.2 or later to address this vulnerability.
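
The root cause named above is a JNDI identifier that reaches data source creation without restriction. The following added example (not Hitachi Vantara's code or its fix) shows the general allowlist check for that class of flaw. The class name, method names, allowed prefixes and leaf-name pattern are all assumptions chosen for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical allowlist check for JNDI names supplied when defining a data source. */
public final class JndiNameAllowlist {

    // Assumed policy: data sources may only be registered under these contexts.
    private static final Set<String> ALLOWED_PREFIXES =
            Set.of("jdbc/", "java:comp/env/jdbc/");

    // The leaf name must be a short run of inert characters:
    // no ':', '/', '.', whitespace or control characters.
    private static final Pattern LEAF = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    private JndiNameAllowlist() { }

    /** True only when the name is an allowed prefix followed by a plain leaf. */
    public static boolean isAllowed(String jndiName) {
        if (jndiName == null) {
            return false;
        }
        for (String prefix : ALLOWED_PREFIXES) {
            if (jndiName.startsWith(prefix)
                    && LEAF.matcher(jndiName.substring(prefix.length())).matches()) {
                return true;
            }
        }
        return false;
    }

    /** Call before any lookup or bind; throws instead of passing the name on. */
    public static String requireAllowed(String jndiName) {
        if (!isAllowed(jndiName)) {
            throw new IllegalArgumentException("JNDI name rejected by allowlist");
        }
        return jndiName;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        List<String> samples = List.of("jdbc/SalesDW", "java:comp/env/jdbc/reporting_ro",
                "jdbc/a/b", "jdbc/Sales DW", "java:comp/env/mail/Session",
                "ctx:other/jdbc/SalesDW", "");
        for (String s : samples) {
            System.out.printf("%-34s %s%n", "\"" + s + "\"", isAllowed(s) ? "allow" : "reject");
        }
    }
}
```

Only the first two constructed samples are allowed. Every other name is rejected because it falls outside the assumed contexts or carries characters the leaf pattern does not permit.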

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.