Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format

CVE-2023-2358

4.3MEDIUM

Key Information

Vendor: Hitachi
Status: Pentaho Business Analytics Server
Vendor: CVE Published:; 27 September 2023

Summary

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.

Affected Version(s)

Pentaho Business Analytics Server < 9.3.0.5

Pentaho Business Analytics Server < 9.5.0.1

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 4.9 to: 4.3 - (MEDIUM)
Sep 23, 2024
Vulnerability published.
Sep 27, 2023
Vulnerability Reserved.
Apr 27, 2023

Collectors

NVD DatabaseMitre Database

Credit

Hitachi Group Member