First published: Mon Nov 08 2021(Updated: )
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachi Vantara Pentaho | <=9.1.0.0 | |
Hitachi Vantara Pentaho Business Intelligence Server | <=7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.