← back
CVE-2025-9122

Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

CVSS 5.3 MEDIUMEPSS 0.2%CWE-209
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Hitachi Vantara · Pentaho Data Integration and Analytics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.pentaho.com/hc/en-us/articles/41833799577741--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-10-2-0-4-Impacted-CVE-2025-9122