Primary

Context

Hitachi Vantara Pentaho Data Integration & Analytics Insecure Credential Storage Vulnerability

Vulnerability

Patched

A vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x. The product improperly transmits or stores authentication credentials, specifically database passwords for RedShift connections, using an insecure method that allows for unauthorized interception or retrieval. This disclosure of sensitive information could lead to further exploitation.

Impact

The vulnerability could result in the unauthorized disclosure of database passwords, potentially allowing for unauthorized access to RedShift databases.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Vantara Pentaho Data Integration & Analytics Insecure Credential Storage Vulnerability

Vulnerability

Impact

Affected Products

Hitachi Vantara Pentaho Data Integration & Analytics

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating