← back
CVE-2024-37362

Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

CVSS 6.3 MEDIUMEPSS 0.3%CWE-522
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)   Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.   Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
Hitachi Vantara · Pentaho Business Analytics ServerHitachi Vantara · Pentaho Data Integration & Analytics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.pentaho.com/hc/en-us/articles/34296552220941--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37362