Pentaho data integration & analytics
This hub aggregates every CVE we track for Pentaho data integration & analytics, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
15
CVEs tracked
2
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM8HIGH5CRITICAL2
Monthly trend
0
1
0
0
0
0
9
0
3
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Pentaho data integration & analytics.
- CVE-2025-24907Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal6.8
- CVE-2025-24908Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal6.8
- CVE-2025-0756Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')9.1
- CVE-2024-37363Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization6.5
- CVE-2024-37362Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials6.3
- CVE-2024-6697Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges6.5
- CVE-2024-6696Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control4.9
- CVE-2024-37361Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data9.9
- CVE-2024-37360Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4.4
- CVE-2024-37359Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery8.6
- CVE-2024-5705Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization8.8
- CVE-2024-5706Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')8.8
- CVE-2024-28981Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials8.5
- CVE-2023-5617Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information5.3
- CVE-2023-3517Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')8.5
Product normalization is registry-driven with AI assist and human review. How it works