Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information
CVE-2022-4770

4.3MEDIUM

Key Information:

Vendor: Hitachi
Status: Pentaho Business Analytics Server
Vendor: CVE Published:; 3 April 2023

Summary

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.2

References

https://support.pentaho.com/hc/en-us/articles/14455209015...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2023
Vulnerability Reserved
Dec 27, 2022

Credit

Hitachi Group Member