CVE-2021-45447
HIGH
Hitachi Vantara Pentaho Business Analytics Server < 8.3.0.25, 9.2.0.2 - Cleartext Database Password Transmission
Title source: llm
Description
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmit database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can later be used to gain unauthorized access.
References (1)
Core 1
Core References
Vendor Advisory
https://support.pentaho.com/hc/en-us/articles/6744504393101
Scores
CVSS v3
7.7
EPSS
0.0015
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (1)
hitachi/vantara_pentaho
8.3.0.0 - 8.3.0.25
Published
Nov 02, 2022
Tracked Since
Feb 18, 2026