CVE-2022-43772

LOW

Hitachi Vantara Pentaho <9.4.0.0-9.3.0.1 - Info Disclosure

Title source: llm

Description

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.

References (1)

Core 1

Core References

Vendor Advisory

https://support.pentaho.com/hc/en-us/articles/14454594588045--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Insertion-of-Sensitive-Information-into-Log-File-Versions-before-9-4-0-0-and-9-3-0-1-including-8-3-x-Impacted-CVE-2022-43772-

Scores

CVSS v3 3.8

EPSS 0.0034

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (1)

hitachi/vantara_pentaho_business_analytics_server < 9.3.0.1

Published Apr 03, 2023

Tracked Since Feb 18, 2026