Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Hitachi Vantara — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting Hitachi Vantara. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hitachi Vantara operates as a data management and analytics provider, offering software solutions for storage, virtualization, and cloud infrastructure. The company’s portfolio includes enterprise storage systems and data management platforms that serve critical business operations. Historical security records indicate approximately 46 Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from web interface components and administrative APIs within their storage management software. While no single catastrophic breach has defined the brand’s public history, the recurring nature of these CVEs highlights persistent challenges in securing complex enterprise data environments. The firm generally addresses these issues through regular firmware updates and security advisories, maintaining a standard industry approach to vulnerability remediation without notable publicized data exfiltration incidents.

Top products by Hitachi Vantara: Pentaho Business Analytics Server Pentaho Data Integration & Analytics Pentaho Data Integration and Analytics System Management Unit (SMU) Hitachi Content Platform
CVE IDTitleCVSSSeverityPublished
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization — Pentaho Data Integration and AnalyticsCWE-862 9.1 Critical2026-03-09
CVE-2025-9121 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data — Pentaho Data Integration and AnalyticsCWE-502 8.8 High2025-12-15
CVE-2025-9122 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information — Pentaho Data Integration and AnalyticsCWE-209 5.3 Medium2025-12-15
CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal — Pentaho Data Integration & AnalyticsCWE-35 6.8 Medium2025-04-16
CVE-2025-24911 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference — Pentaho Business Analytics ServerCWE-611 4.9 Medium2025-04-16
CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference — Pentaho Business Analytics ServerCWE-611 4.9 Medium2025-04-16
CVE-2025-24909 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics ServerCWE-79 4.4 Medium2025-04-16
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal — Pentaho Data Integration & AnalyticsCWE-35 6.8 Medium2025-04-16
CVE-2025-0756 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') — Pentaho Data Integration & AnalyticsCWE-99 9.1 Critical2025-04-16
CVE-2025-0757 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics ServerCWE-79 4.4 Medium2025-04-16
CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource — Pentaho Business Analytics ServerCWE-732 6.1 Medium2025-04-16
CVE-2024-37363 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Data Integration & AnalyticsCWE-862 6.5 Medium2025-02-19
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials — Pentaho Data Integration & AnalyticsCWE-522 6.3 Medium2025-02-19
CVE-2024-6697 Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges — Pentaho Data Integration & AnalyticsCWE-280 6.5 Medium2025-02-19
CVE-2024-6696 Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control — Pentaho Data Integration & AnalyticsCWE-1220 4.9 Medium2025-02-19
CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data — Pentaho Data Integration & AnalyticsCWE-502 9.9 Critical2025-02-19
CVE-2024-37360 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Data Integration & AnalyticsCWE-79 4.4 Medium2025-02-19
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery — Pentaho Data Integration & AnalyticsCWE-918 8.6 High2025-02-19
CVE-2024-5705 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Data Integration & AnalyticsCWE-863 8.8 High2025-02-19
CVE-2024-5706 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') — Pentaho Data Integration & AnalyticsCWE-99 8.8 High2025-02-19
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials — Pentaho Data Integration & AnalyticsCWE-522 8.5 High2024-09-11
CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics ServerCWE-79 8.8 High2024-06-26
CVE-2024-28983 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics ServerCWE-79 8.8 High2024-06-26
CVE-2024-28982 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference — Pentaho Business Analytics ServerCWE-776 7.1 High2024-06-26
CVE-2023-5617 Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information — Pentaho Data Integration & AnalyticsCWE-550 5.3 Medium2024-02-28
CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') — Pentaho Data Integration & AnalyticsCWE-99 8.5 High2023-12-12
CVE-2023-6538 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. — System Management Unit (SMU)CWE-285 7.6 High2023-12-11
CVE-2023-5808 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data. — System Management Unit (SMU)CWE-285 7.6 High2023-12-04
CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format — Pentaho Business Analytics ServerCWE-257 4.3 Medium2023-09-26
CVE-2022-4815 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data — Pentaho Business Analytics ServerCWE-502 8.0 High2023-05-24

This page lists every published CVE security advisory associated with Hitachi Vantara. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.