Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed
CVE-2024-28981

8.5HIGH

Key Information:

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-28981?

Hitachi Vantara Pentaho Data Integration & Analytics has a vulnerability that exposes database passwords when searching metadata fields that are injectable. This flaw affects versions prior to 10.1.0.0 and 9.3.0.8, as well as the 8.3.x series. The identification of insufficiently protected credentials can potentially lead to unauthorized access to sensitive data, demanding prompt attention and remediation to maintain the integrity and confidentiality of the information handled by the application.

Affected Version(s)

Pentaho Data Integration & Analytics 1.0 < 9.3.0.8

Pentaho Data Integration & Analytics 9.4.0.0 < 10.1.0.0

References

https://support.pentaho.com/hc/en-us/articles/27569056997...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2024

Credit

Hitachi Group Member