Products
Hitachi Vantara Pentaho Data Integration & Analytics
- 8.3.x
- before 10.1.0.0
- 9.3.0.8
Source
security.vulnerabilities@hitachivantara.com
CVE-2024-28981 details
Published : Sept. 12, 2024, 12:15 a.m.
Last Modified : Sept. 12, 2024, 12:35 p.m.
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, disclose database passwords when searching metadata injectable fields.
CVSS Score
8.5
Weakness
Weakness | Name | Description |
---|---|---|
CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | LOW |
Availability Impact | NONE |
Base Score | 8.5 |
Exploitability Score | 3.1 |
Impact Score | 4.7 |
Base Severity | HIGH |
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N