CVE-2022-43772: Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File
First published: Mon Apr 03 2023(Updated: )
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
Credit: security.vulnerabilities@hitachivantara.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Vantara Pentaho Business Analytics Server | <9.3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-43772?
CVE-2022-43772 is a vulnerability found in Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin.
How severe is CVE-2022-43772?
CVE-2022-43772 has a severity rating of medium with a CVSS score of 6.5.
What does CVE-2022-43772 expose?
CVE-2022-43772 exposes the username and password of clusters in clear text into system logs.
Which version of Hitachi Vantara Pentaho Business Analytics Server is affected by CVE-2022-43772?
CVE-2022-43772 affects versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin.
How can I fix CVE-2022-43772?
To fix CVE-2022-43772, update your Hitachi Vantara Pentaho Business Analytics Server to version 9.4.0.0 or 9.3.0.1.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hitachi
- canonical/hitachi vantara pentaho business analytics server