Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and
8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.
The transmission of sensitive data in clear text allows unauthorized actors with access to the
network to sniff and obtain sensitive information that can be later used to gain unauthorized
access.
References
| Link | Resource |
|---|---|
| https://support.pentaho.com/hc/en-us/articles/6744504393101 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:39
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. |
04 Nov 2022, 13:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://support.pentaho.com/hc/en-us/articles/6744504393101 - Vendor Advisory | |
| CPE | cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:* | |
| CWE | CWE-319 | |
| First Time |
Hitachi vantara Pentaho
Hitachi |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
02 Nov 2022, 15:51
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-11-02 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-45447
Mitre link : CVE-2021-45447
CVE.ORG link : CVE-2021-45447
JSON object : View
Products Affected
hitachi
- vantara_pentaho
CWE
CWE-319
Cleartext Transmission of Sensitive Information