CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 
8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.

The transmission of sensitive data in clear text allows unauthorized actors with access to the 
network to sniff and obtain sensitive information that can be later used to gain unauthorized 
access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
HITVANCNA
7.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
hitachivantara_pentaho
8.3.0.0 ≤
𝑥
< 8.3.0.25
hitachivantara_pentaho
9.2.0.0 ≤
𝑥
< 9.2.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.pentaho.com/hc/en-us/articles/6744504393101
https://support.pentaho.com/hc/en-us/articles/6744504393101