← back
CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

CVSS 4.3 MEDIUMEPSS 0.4%CWE-209
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Hitachi Vantara · Pentaho Business Analytics Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-