Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed

CVE-2024-28981

8.5HIGH

Key Information

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics
Vendor: CVE Published:; 12 September 2024

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.

Affected Version(s)

Pentaho Data Integration & Analytics < 9.3.0.8

Pentaho Data Integration & Analytics < 10.1.0.0

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 8.5 - (HIGH)
Sep 12, 2024
Vulnerability published.
Sep 12, 2024

Collectors

NVD DatabaseMitre Database

Credit

Hitachi Group Member