CVE-2021-45446
02.11.2022, 15:15
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | 8.3.0.0 ≤ 𝑥 < 8.3.0.25 |
| hitachi | vantara_pentaho | 9.2.0.0 ≤ 𝑥 < 9.2.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-548 - Exposure of Information Through Directory ListingA directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
- CWE-281 - Improper Preservation of PermissionsThe software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.