CVE-2021-45446

Опубликовано: 02 нояб. 2022

Источник: nvd

CVSS3: 5

CVSS3: 7.5

EPSS Низкий

Описание

A vulnerability in

Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Ссылки

https://support.pentaho.com/hc/en-us/articles/6744813983501
Vendor Advisory
https://support.pentaho.com/hc/en-us/articles/6744813983501
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*

Версия от 8.3.0.0 (включая) до 8.3.0.25 (исключая)

cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*

Версия от 9.2.0.0 (включая) до 9.2.0.2 (исключая)

EPSS

Процентиль: 41%

0.0019

Низкий

5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-548

CWE-281

Связанные уязвимости

GHSA-jgwp-h4gx-xm93

CVSS3: 7.5

github

больше 3 лет назад

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

EPSS

Процентиль: 41%

0.0019

Низкий

5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-548

CWE-281