Lucene search

HITVANCVELIST:CVE-2021-45446

HistoryNov 02, 2022 - 2:26 p.m.

CVE-2021-45446 Pentaho Business Analytics Server - Exposure of Information Through Directory Listing

2022-11-0214:26:02

CWE-548

HITVAN

www.cve.org

pentaho

business analytics

server

vulnerability

directory listing

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

A vulnerability in

Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and
8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located
inside the directory.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "8.3.0.25",
        "status": "affected",
        "version": "1.0",
        "versionType": "ALL"
      },
      {
        "lessThan": "9.2.0.2",
        "status": "affected",
        "version": "9.0",
        "versionType": "ALL"
      }
    ]
  }
]

References

support.pentaho.com/hc/en-us/articles/6744813983501

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2021-45446