ID

VAR-202211-0072


CVE

CVE-2021-45447


TITLE

Vulnerability in plaintext transmission of important information in Hitachi Vantara's Vantara Pentaho

Trust: 0.8

sources: JVNDB: JVNDB-2021-020579

DESCRIPTION

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmit database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. Hitachi Vantara's Vantara Pentaho contains a vulnerability in the transmission of important information in clear text. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-45447 // JVNDB: JVNDB-2021-020579

AFFECTED PRODUCTS

vendor: hitachi, model: vantara pentaho, scope: lt, version: 8.3.0.25

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: lt, version: 9.2.0.2

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 9.2.0.0

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 8.3.0.0

Trust: 1.0

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: 9.2.0.0 that's all 9.2.0.2

Trust: 0.8

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: -

Trust: 0.8

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: 8.3.0.0 that's all 8.3.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2021-020579 // NVD: CVE-2021-45447

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-45447
value: HIGH

Trust: 1.8

security.vulnerabilities@hitachivantara.com: CVE-2021-45447
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-1925
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security.vulnerabilities@hitachivantara.com:
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-45447
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020579 // NVD: CVE-2021-45447 // NVD: CVE-2021-45447 // CNNVD: CNNVD-202211-1925

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.0

problemtype: Sending important information in clear text (CWE-319) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020579 // NVD: CVE-2021-45447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-1925

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1925

CONFIGURATIONS

sources: NVD: CVE-2021-45447

PATCH

title: IMPORTANT, url: https://support.pentaho.com/hc/en-us/articles/6744504393101

Trust: 0.8

title: Hitachi Pentaho Business Analytics Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213137

Trust: 0.6

sources: JVNDB: JVNDB-2021-020579 // CNNVD: CNNVD-202211-1925

EXTERNAL IDS

db: NVD, id: CVE-2021-45447

Trust: 3.2

db: JVNDB, id: JVNDB-2021-020579

Trust: 0.8

db: CNNVD, id: CNNVD-202211-1925

Trust: 0.6

sources: JVNDB: JVNDB-2021-020579 // NVD: CVE-2021-45447 // CNNVD: CNNVD-202211-1925

REFERENCES

url: https://support.pentaho.com/hc/en-us/articles/6744504393101

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-45447

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2021-45447/

Trust: 0.6

sources: JVNDB: JVNDB-2021-020579 // NVD: CVE-2021-45447 // CNNVD: CNNVD-202211-1925

SOURCES

db: JVNDB, id: JVNDB-2021-020579
db: NVD, id: CVE-2021-45447
db: CNNVD, id: CNNVD-202211-1925

LAST UPDATE DATE

2023-12-18T12:48:24.963000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-020579, date: 2023-11-22T00:46:00
db: NVD, id: CVE-2021-45447, date: 2023-11-07T03:39:50.590
db: CNNVD, id: CNNVD-202211-1925, date: 2022-11-07T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-020579, date: 2023-11-22T00:00:00
db: NVD, id: CVE-2021-45447, date: 2022-11-02T15:15:10.247
db: CNNVD, id: CNNVD-202211-1925, date: 2022-11-02T00:00:00