CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.pentaho.com/hc/en-us/articles/6744504393101	Vendor Advisory
https://support.pentaho.com/hc/en-us/articles/6744504393101	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachi:vantara_pentaho::::::::
	cpe:2.3:a:hitachi:vantara_pentaho::::::::

History

21 Nov 2024, 06:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 7.7
References	~~() https://support.pentaho.com/hc/en-us/articles/6744504393101 - Vendor Advisory~~	() https://support.pentaho.com/hc/en-us/articles/6744504393101 - Vendor Advisory

04 Nov 2022, 13:28

Type	Values Removed	Values Added
References	~~(MISC) https://support.pentaho.com/hc/en-us/articles/6744504393101 -~~	(MISC) https://support.pentaho.com/hc/en-us/articles/6744504393101 - Vendor Advisory
CWE		CWE-319
CPE		cpe:2.3:a:hitachi:vantara_pentaho::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

02 Nov 2022, 15:51

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-02 15:15

Updated : 2024-11-21 06:32

NVD link : CVE-2021-45447

Mitre link : CVE-2021-45447

CVE.ORG link : CVE-2021-45447

JSON object : View

Products Affected

hitachi

vantara_pentaho

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2021-45447", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security.vulnerabilities@hitachivantara.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-02T15:15:10.247", "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/6744504393101", "tags": ["Vendor Advisory"], "source": "security.vulnerabilities@hitachivantara.com"}, {"url": "https://support.pentaho.com/hc/en-us/articles/6744504393101", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security.vulnerabilities@hitachivantara.com", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and \n8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.\u00a0\u00a0\n\nThe transmission of sensitive data in clear text allows unauthorized actors with access to the \nnetwork to sniff and obtain sensitive information that can be later used to gain unauthorized \naccess.\n\n\n"}, {"lang": "es", "value": "Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 9.3.0.0, 9.2.0.2 y 8.3.0.25 con la funci\u00f3n Data Lineage habilitada transmite las contrase\u00f1as de la base de datos en texto plano. La transmisi\u00f3n de datos confidenciales en texto plano permite a actores no autorizados con acceso a la red rastrear y obtener informaci\u00f3n confidencial que luego puede usarse para obtener acceso no autorizado."}], "lastModified": "2024-11-21T06:32:13.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB67F45F-D25C-4B85-8819-433D89F3EF1F", "versionEndExcluding": "8.3.0.25", "versionStartIncluding": "8.3.0.0"}, {"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111F5389-BE1D-480F-8229-3EEDF8F6D82A", "versionEndExcluding": "9.2.0.2", "versionStartIncluding": "9.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security.vulnerabilities@hitachivantara.com"}