ID

VAR-202211-0149


CVE

CVE-2021-45446


TITLE

Improper Permission Preservation Vulnerability in Hitachi Vantara's Vantara Pentaho

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578

DESCRIPTION

Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 do not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. Hitachi Vantara's Vantara Pentaho contains an improper permissions retention vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-45446 // JVNDB: JVNDB-2021-020578

AFFECTED PRODUCTS

vendor: hitachi, model: vantara pentaho, scope: lt, version: 8.3.0.25

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: lt, version: 9.2.0.2

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 9.2.0.0

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 8.3.0.0

Trust: 1.0

vendor: Hitachi Vantara, model: vantara pentaho, scope: eq, version: 9.2.0.0 or later, before 9.2.0.2

Trust: 0.8

vendor: Hitachi Vantara, model: vantara pentaho, scope: eq, version: -

Trust: 0.8

vendor: Hitachi Vantara, model: vantara pentaho, scope: eq, version: 8.3.0.0 or later, before 8.3.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-45446
value: HIGH

Trust: 1.8

security.vulnerabilities@hitachivantara.com: CVE-2021-45446
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202211-1926
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security.vulnerabilities@hitachivantara.com:
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-45446
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446 // NVD: CVE-2021-45446 // CNNVD: CNNVD-202211-1926

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.0

problemtype: Improper retention of permissions (CWE-281) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-1926

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1926

CONFIGURATIONS

sources: NVD: CVE-2021-45446

PATCH

title: IMPORTANT, url: https://support.pentaho.com/hc/en-us/articles/6744813983501

Trust: 0.8

title: Hitachi Pentaho Business Analytics Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213138

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // CNNVD: CNNVD-202211-1926

EXTERNAL IDS

db: NVD, id: CVE-2021-45446

Trust: 3.2

db: JVNDB, id: JVNDB-2021-020578

Trust: 0.8

db: CNNVD, id: CNNVD-202211-1926

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446 // CNNVD: CNNVD-202211-1926

REFERENCES

url:https://support.pentaho.com/hc/en-us/articles/6744813983501

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-45446

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-45446/

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446 // CNNVD: CNNVD-202211-1926

SOURCES

db: JVNDB, id: JVNDB-2021-020578
db: NVD, id: CVE-2021-45446
db: CNNVD, id: CNNVD-202211-1926

LAST UPDATE DATE

2023-12-18T12:15:14.363000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-020578, date: 2023-11-22T00:46:00
db: NVD, id: CVE-2021-45446, date: 2023-11-07T03:39:50.490
db: CNNVD, id: CNNVD-202211-1926, date: 2023-07-24T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-020578, date: 2023-11-22T00:00:00
db: NVD, id: CVE-2021-45446, date: 2022-11-02T15:15:09.683
db: CNNVD, id: CNNVD-202211-1926, date: 2022-11-02T00:00:00