Lucene search

K
cvelistHITVANCVELIST:CVE-2023-5617
HistoryFeb 28, 2024 - 10:30 p.m.

CVE-2023-5617 Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information

2024-02-2822:30:40
CWE-550
HITVAN
www.cve.org
cve-2023-5617
hitachi vantara
pentaho
data integration
analytics
server error
sensitive information
tomcat
vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, includingΒ 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pentaho Data Integration & Analytics",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "9.3.0.6",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "10.1.0.0",
        "status": "affected",
        "version": "9.4.0.0",
        "versionType": "maven"
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2023-5617