CVE-2024-37362
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.
Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration & Analytics | 10.0 < 10.2.0.0 | affected |
| Hitachi Vantara | Pentaho Business Analytics Server | 1.0 < 9.3.0.8 | affected |
Weaknesses
- CWE-522: CWE-522 Insufficiently Protected Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.