CVE-2021-45447

EUVD-2021-32218
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and
8.3.0.25 with the Data Lineage feature enabled transmit database passwords in clear text.

The transmission of sensitive data in clear text allows unauthorized actors with access to the 
network to sniff and obtain sensitive information that can be later used to gain unauthorized 
access.


| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.7 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H |
| HITVAN | CNA | 7.7 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H |

EPSS Score
Percentile: 34%

Affected Products (NVD)

| Vendor / Product | Version |
|---|---|
| hitachivantara_pentaho | 8.3.0.0 ≤ x < 8.3.0.25 |
| hitachivantara_pentaho | 9.2.0.0 ≤ x < 9.2.0.2 |

x = Vulnerable software versions