An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html | Exploit Third Party Advisory VDB Entry |
https://www.hitachi.com/hirt/security/index.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-08T03:27:58
Updated: 2021-11-08T03:27:58
Reserved: 2021-04-23T00:00:00
Link: CVE-2021-31601
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-08T04:15:08.213
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-31601
JSON object: View
Redhat Information
No data.
CWE