We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-0756

Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')



Description

Overview   The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)   Description   Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not restrict JNDI identifiers during the creation of platform data sources.   Impact   An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users.

Reserved 2025-01-27 | Published 2025-04-16 | Updated 2025-04-17 | Assigner HITVAN


CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

Product status

Default status
unaffected

10.0 before 10.2.0.2
affected

1.0
affected

Credits

Hitachi Group Member finder

References

https/...ore-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0756

cve.org (CVE-2025-0756)

nvd.nist.gov (CVE-2025-0756)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-0756

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.