CVE-2021-31601

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 7.1

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.

Ссылки

http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html
Exploit
Third Party Advisory
VDB Entry
https://www.hitachi.com/hirt/security/index.html
Vendor Advisory
http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html
Exploit
Third Party Advisory
VDB Entry
https://www.hitachi.com/hirt/security/index.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*

Версия до 9.1.0.0 (включая)

cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

EPSS

Процентиль: 75%

0.00948

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-22f9-g2j6-q686

CVSS3: 6.5

github

около 3 лет назад

EPSS

Процентиль: 75%

0.00948

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other