Hitachi Vantara Pentaho Data Integration & Analytics

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

Basic Information

ID CVE-2026-2253

Source HITVAN

Published May 27, 2026 at 02:54

Affected Product

Vendor Hitachi Vantara

Product Pentaho Data Integration and Analytics

Version 1.0

Affected Versions Hitachi Vantara Pentaho Data Integration and Analytics 1.0
Hitachi Vantara Pentaho Data Integration and Analytics 10.0

CWE Classification

CWE-611

References

support.pentaho.com /hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253

{
    "lastseen": "",
    "description": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.",
    "published": "2026-05-27T02:54:25.857Z",
    "modified": "2026-05-27T02:54:25.857Z",
    "type": "cve",
    "title": "Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity  Reference",
    "source": "HITVAN",
    "references": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253",
    "id": "CVE-2026-2253",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611"
    ],
    "cvelist": null,
    "sourceData": "Hitachi Vantara Pentaho Data Integration and Analytics 1.0\nHitachi Vantara Pentaho Data Integration and Analytics 10.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pentaho Data Integration and Analytics",
    "version": "1.0",
    "vendor": "Hitachi Vantara",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hitachi Vantara Pentaho Data Integration & Analytics – Improper Restriction of XML External Entity Reference_CVE-2026-2253