Hitachi : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 4
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-04-03
Updated
2023-04-10
Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
Max CVSS
7.5
EPSS Score
0.16%
Published
2022-08-29
Updated
2022-11-14
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.
Max CVSS
7.1
EPSS Score
0.07%
Published
2022-11-02
Updated
2022-11-04
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.
Max CVSS
5.0
EPSS Score
0.44%
Published
2012-10-25
Updated
2017-08-29
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
Max CVSS
4.0
EPSS Score
0.27%
Published
2004-12-31
Updated
2017-07-11
5 vulnerabilities found