PT-2022-12359 · Hitachi Vantara · Pentaho Business Analytics Server

Published: 2022-11-02 · Updated: 2022-11-04 · CVE-2021-45447

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.0
Hitachi Vantara Pentaho Business Analytics Server version 9.2.0.2 and earlier
Hitachi Vantara Pentaho Business Analytics Server version 8.3.0.25 and earlier

Description

The issue allows unauthorized actors with access to the network to obtain sensitive information, such as database passwords, which are transmitted in clear text when the Data Lineage feature is enabled. This can be used to gain unauthorized access.

Recommendations

For versions prior to 9.3.0.0, update to version 9.3.0.0 or later.
For version 9.2.0.2 and earlier, update to version 9.2.0.2 or later, and then update to version 9.3.0.0 or later.
For version 8.3.0.25 and earlier, update to version 8.3.0.25 or later, and then update to version 9.3.0.0 or later.
As a temporary workaround, consider disabling the Data Lineage feature until a patch is available.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2021-45447

Affected Products

Pentaho Business Analytics Server