Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
History

Thu, 12 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 23:45:00 +0000

Type Values Removed Values Added
Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
Title Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HITVAN

Published: 2024-09-11T23:27:42.002Z

Updated: 2024-09-12T13:18:16.563Z

Reserved: 2024-03-13T19:18:14.912Z

Link: CVE-2024-28981

cve-icon Vulnrichment

Updated: 2024-09-12T13:18:07.232Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-12T00:15:02.127

Modified: 2024-09-12T12:35:54.013

Link: CVE-2024-28981

cve-icon Redhat

No data.