Design/Logic Flaw

2022-11-0215:15:00

PRIOn knowledge base

www.prio-n.com

hitachi vantara

pentaho

business analytics server

data lineage

database passwords

clear text

unauthorized access

network security

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.

CPENameOperatorVersion
vantara_pentahoge8.3.0.0
vantara_pentaholt8.3.0.25
vantara_pentahoge9.2.0.0
vantara_pentaholt9.2.0.2

Name	Operator	Version
vantara_pentaho	ge	8.3.0.0
vantara_pentaho	lt	8.3.0.25
vantara_pentaho	ge	9.2.0.0
vantara_pentaho	lt	9.2.0.2

References

support.pentaho.com/hc/en-us/articles/6744504393101