History: Apr 03, 2023 - 6:50 p.m.

CVE-2022-43772 Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File

2023-04-03 18:50:58
CWE-532
HITVAN
www.cve.org

CVSS3: 3.8 Low

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 27.8%

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, with the Big Data Plugin expose the username and password of clusters in clear text in system logs.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Big Data Plugin"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara ",
    "versions": [
      {
        "lessThan": "9.3.0.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      }
    ]
  }
]
