CVE-2021-45446: Pentaho Business Analytics Server - Exposure of Information Through Directory Listing
First published: Wed Nov 02 2022(Updated: )
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.
Credit: security.vulnerabilities@hitachivantara.com security.vulnerabilities@hitachivantara.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Vantara Pentaho | >=8.3.0.0<8.3.0.25 | |
| Hitachi Vantara Pentaho | >=9.2.0.0<9.2.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-45446.
What software versions are affected by CVE-2021-45446?
Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 are affected.
What is the severity of CVE-2021-45446?
The severity of CVE-2021-45446 is high with a CVSS score of 7.5.
How does CVE-2021-45446 affect the system?
CVE-2021-45446 allows an attacker to view the complete index of all the resources located inside the directory of the Home folder.
Is there a fix available for CVE-2021-45446?
Yes, a fix is available. Update Hitachi Vantara Pentaho Business Analytics Server to version 9.2.0.2 or 8.3.0.25.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachi
- canonical/hitachi vantara pentaho
- version/hitachi vantara pentaho/8.3.0.0
- version/hitachi vantara pentaho/9.2.0.0