Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information
CVE-2022-4770
4.3MEDIUM
Key Information
- Vendor
- Hitachi
- Status
- Pentaho Business Analytics Server
- Vendor
- CVE Published:
- 3 April 2023
Summary
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Affected Version(s)
Pentaho Business Analytics Server < 9.3.0.2
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Hitachi Group Member