Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-45447
HistoryNov 02, 2022 - 3:15 p.m.

CVE-2021-45447

2022-11-0215:15:10
CWE-319
[email protected]
web.nvd.nist.gov
cve-2021-45447
hitachi vantara
data lineage
sensitive data
clear text
unauthorized access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and
8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.

The transmission of sensitive data in clear text allows unauthorized actors with access to the
network to sniff and obtain sensitive information that can be later used to gain unauthorized
access.

Affected configurations

NVD
Node
hitachivantara_pentahoRange8.3.0.08.3.0.25
OR
hitachivantara_pentahoRange9.2.0.09.2.0.2

Related

cvelist 1
prion 1
cve 1
cvelist
cvelist
CVE-2021-45447 Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text
2022-11-02 14:56:01
prion
prion
Design/Logic Flaw
2022-11-02 15:15:00
cve
cve
CVE-2021-45447
2022-11-02 15:15:10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON
Related for NVD:CVE-2021-45447
cvelist1prion1cve1