CVE-2021-45447
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
7.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.5%
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and
8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.
The transmission of sensitive data in clear text allows unauthorized actors with access to the
network to sniff and obtain sensitive information that can be later used to gain unauthorized
access.
Affected configurations
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.2.0.2",
"status": "affected",
"version": "9.0.0.0",
"versionType": "All"
},
{
"lessThan": "8.3.0.25",
"status": "affected",
"version": "1.0",
"versionType": "All"
}
]
}
]Social References
More
Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
7.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.5%