Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Sep 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | |
Title | Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials | |
Weaknesses | CWE-522 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HITVAN
Published: 2024-09-11T23:27:42.002Z
Updated: 2024-09-12T13:18:16.563Z
Reserved: 2024-03-13T19:18:14.912Z
Link: CVE-2024-28981
Vulnrichment
Updated: 2024-09-12T13:18:07.232Z
NVD
Status : Awaiting Analysis
Published: 2024-09-12T00:15:02.127
Modified: 2024-09-12T12:35:54.013
Link: CVE-2024-28981
Redhat
No data.