Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45446

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Published

2022-11-02T15:15:09.683

Last Modified

2024-11-21T06:32:13.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-548
Type: Primary
CWE-281

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	vantara_pentaho	< 8.3.0.25	Yes
Application	hitachi	vantara_pentaho	< 9.2.0.2	Yes

References

https://support.pentaho.com/hc/en-us/articles/6744813983501 Vendor Advisory ([email protected])
https://support.pentaho.com/hc/en-us/articles/6744813983501 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)