Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed
CVE-2024-28981

8.5HIGH

Key Information:

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-28981?

Hitachi Vantara Pentaho Data Integration & Analytics has a vulnerability that exposes database passwords when searching metadata fields that are injectable. This flaw affects versions prior to 10.1.0.0 and 9.3.0.8, as well as the 8.3.x series. The identification of insufficiently protected credentials can potentially lead to unauthorized access to sensitive data, demanding prompt attention and remediation to maintain the integrity and confidentiality of the information handled by the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pentaho Data Integration & Analytics 1.0 < 9.3.0.8

Pentaho Data Integration & Analytics 9.4.0.0 < 10.1.0.0

References

https://support.pentaho.com/hc/en-us/articles/27569056997...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 12, 2024

Credit

Hitachi Group Member

JSON

Hitachi