CVE-2021-45446

MEDIUM

Hitachi Vantara Pentaho Business Analytics Server <9.2.0.2-8.3.0.25...

Title source: llm

Description

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

References (1)

[Vendor Advisory] https://support.pentaho.com/hc/en-us/articles/6744813983501

Scores

CVSS v3 5.0

EPSS 0.0019

EPSS Percentile 40.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-548 CWE-281

Status published

Products (1)

hitachi/vantara_pentaho 8.3.0.0 - 8.3.0.25

Published Nov 02, 2022

Tracked Since Feb 18, 2026