CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:05

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html - Exploit, Third Party Advisory, VDB Entry
References () https://www.hitachi.com/hirt/security/index.html - Vendor Advisory () https://www.hitachi.com/hirt/security/index.html - Vendor Advisory
CVSS v2 : 4.0
v3 : 6.5
v2 : 4.0
v3 : 7.1

Information

Published : 2021-11-08 04:15

Updated : 2024-11-21 06:05


NVD link : CVE-2021-31601

Mitre link : CVE-2021-31601

CVE.ORG link : CVE-2021-31601


JSON object : View

Products Affected

hitachi

  • vantara_pentaho_business_intelligence_server
  • vantara_pentaho