CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45447 – Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text
https://notcve.org/view.php?id=CVE-2021-45447
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 9.3.0.0, 9.2.0.2 y 8.3.0.25 con la función Data Lineage habilitada transmite las contraseñas de la base de datos en texto plano. La transmisión de datos confidenciales en texto plano permite a actores no autorizados con acceso a la red rastrear y obtener información confidencial que luego puede usarse para obtener acceso no autorizado. • https://support.pentaho.com/hc/en-us/articles/6744504393101 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45446 – Pentaho Business Analytics Server - Exposure of Information Through Directory Listing
https://notcve.org/view.php?id=CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. Una vulnerabilidad en las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 9.2.0.2 y 8.3.0.25 no conecta en cascada la propiedad oculta a los elementos secundarios de la carpeta Inicio. Esta lista de directorio proporciona al atacante el índice completo de todos los recursos ubicados dentro del directorio. • https://support.pentaho.com/hc/en-us/articles/6744813983501 • CWE-281: Improper Preservation of Permissions CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41553 – Information Exposure Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer
https://notcve.org/view.php?id=CVE-2022-41553
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. Vulnerabilidad de inserción de información confidencial en un archivo temporal en Hitachi Infrastructure Analytics Advisor en Linux (componente de sonda Analytics), Hitachi Ops Center Analyzer en Linux (componente de sonda Hitachi Ops Center Analyzer) permite a los usuarios locales obtener información confidencial. Este problema afecta a Hitachi Infrastructure Analytics Advisor: desde 2.0.0-00 hasta 4.4.0-00; Analizador de Hitachi Ops Center: desde 10.0.0-00 antes de 10.9.0-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-41552 – Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer
https://notcve.org/view.php?id=CVE-2022-41552
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. La vulnerabilidad de Server-Side Reqiest Forgery (SSRF) en Hitachi Infrastructure Analytics Advisor en Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer en Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) permite realizar Server-Side Request Forgery. Este problema afecta a Hitachi Infrastructure Analytics Advisor: desde 2.0.0-00 hasta 4.4.0-00; Analizador de Hitachi Ops Center: desde 10.0.0-00 antes de 10.9.0-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3191 – Information Exposure Vulnerability in Hitachi Ops Center Analyzer
https://notcve.org/view.php?id=CVE-2022-3191
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 La vulnerabilidad de inserción de información confidencial en un archivo de registro en Hitachi Ops Center Analyzer en Linux (componente Virtual Strage Software Agent) permite a los usuarios locales obtener información confidencial. Este problema afecta a Hitachi Ops Center Analyzer: desde 10.8.1-00 antes de 10.9.0-00 • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html • CWE-532: Insertion of Sensitive Information into Log File •