CVE-2023-5617
EUVD-2023-5791028.02.2024, 23:15
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_data_integration_and_analytics | 𝑥 < 9.3.0.6 |
| hitachi | vantara_pentaho_data_integration_and_analytics | 9.4.0.0 ≤ 𝑥 < 10.1.0.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| hitachi_vantara | pentaho_data_integration_\&_analytics | 1.0 ≤ 𝑥 < 9.3.0.6 | ADP |
| hitachi_vantara | pentaho_data_integration_\&_analytics | 9.4.0.0 ≤ 𝑥 < 10.1.0.0 | ADP |
Common Weakness Enumeration
- CWE-550 - Server-generated Error Message Containing Sensitive InformationCertain conditions, such as network failure, will cause a server error message to be displayed.
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.
References