Pentaho business analytics server
This hub aggregates every CVE we track for Pentaho business analytics server, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
37
CVEs tracked
1
Critical
15
High
2
In CISA KEV
Severity distribution
MEDIUM20HIGH15LOW1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
9
0
5
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Pentaho business analytics server.
- CVE-2025-24911Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference4.9
- CVE-2025-24910Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference4.9
- CVE-2025-24909Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4.4
- CVE-2025-0757Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4.4
- CVE-2025-0758Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource6.1
- CVE-2024-37363Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization6.5
- CVE-2024-37362Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials6.3
- CVE-2024-6697Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges6.5
- CVE-2024-6696Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control4.9
- CVE-2024-37361Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data9.9
- CVE-2024-37360Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4.4
- CVE-2024-37359Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery8.6
- CVE-2024-5705Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization8.8
- CVE-2024-5706Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')8.8
- CVE-2024-28984Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')8.8
Product normalization is registry-driven with AI assist and human review. How it works