PT-2023-2231 · Hitachi Vantara · Pentaho Business Analytics Server

Published

2023-04-03

·

Updated

2023-04-10

·

CVE-2022-43772

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Hitachi Vantara Pentaho Business Analytics Server, versions prior to 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server, 9.3.x versions prior to 9.3.0.1
Hitachi Vantara Pentaho Business Analytics Server, version 8.3.x with the Big Data Plugin

Description

The server writes the username and password of configured clusters to its system logs in clear text. A remote attacker with low-privileged access to the server (the vector's PR:L) who can read those logs obtains the cluster credentials and, through them, unauthorized access to the protected data those clusters hold. The weakness is exposure of sensitive information through log files.

Recommendations

For versions prior to 9.4.0.0, update to version 9.4.0.0 or later. For 9.3.x versions prior to 9.3.0.1, update to version 9.3.0.1 or later, or apply the vendor's recommended fix for version 9.3. For version 8.3.x with the Big Data Plugin, remove or disable the Big Data Plugin until a patch is available. As a temporary workaround, restrict access to the system logs to limit who can read the exposed values. Restricting access does not undo the exposure: treat any cluster credentials already written to the logs, including copies forwarded to a log collector or kept in backups, as compromised and rotate them.
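The triage a practitioner wants after reading the description and recommendations is to find out which cluster credentials are already in the logs (so they can be rotated) and to stop new ones from being written. The script below is an added example for this advisory, not code from the page or from Hitachi Vantara, and it is in Python rather than the server's Java for the sake of a runnable illustration. The sample log lines are constructed; the key=value patterns it matches (password=, username=, cluster <name>) are assumptions about a generic log style, not the real output format of the affected plugin, so adjust the regular expressions to what your own server logs actually contain.

```python
"""Triage helper for credentials leaked into application logs.

Scans log lines for clear-text secrets, reports which (cluster, username)
pairs must be rotated without re-printing the secret itself, and provides a
logging.Filter that scrubs such values before a handler writes them.
"""
import hashlib
import logging
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample log lines for this example. They imitate a generic
# key=value style; the real format written by the affected plugin is not
# shown on the advisory page and is an assumption here.
SAMPLE_LOG = """\
2023-03-30 10:15:02,114 INFO  [HadoopClusterManager] Connecting to cluster hdp-prod as user=svc_pentaho password=S3cr3tPa55!
2023-03-30 10:15:02,120 DEBUG [NamedClusterImpl] NamedCluster{name=hdp-prod, hdfsHost=nn1.internal, hdfsPort=8020, username=svc_pentaho, password=S3cr3tPa55!}
2023-03-30 10:15:03,001 INFO  [PentahoSystem] Pentaho BI Platform server is ready.
2023-03-30 10:16:44,502 INFO  [HadoopClusterManager] Connecting to cluster hdp-dev as user=dev_user password=*****
2023-03-30 10:17:10,330 WARN  [Kerberos] Credential cache expired for principal pentaho@EXAMPLE.COM
"""

# Group 1 keeps "key=" (or key: / key="), group 2 is the secret value.
SECRET_RE = re.compile(r'(?i)(\b(?:password|passwd|pwd|secret)\b\s*[=:]\s*["\']?)([^\s,}"\']+)')
USER_RE = re.compile(r'(?i)\buser(?:name)?\s*[=:]\s*["\']?([^\s,}"\']+)')
# Either "cluster <name>" in free text or the "name=<value>" field of a cluster object.
CLUSTER_RE = re.compile(r'(?i)\bcluster\s+([A-Za-z0-9._-]+)|\bname\s*=\s*([^\s,}"\']+)')
MASK_RE = re.compile(r"^[*x#]+$", re.IGNORECASE)  # values the application already masked


def redact(line: str) -> str:
    """Replace every secret value on the line, keeping the key for context."""
    return SECRET_RE.sub(r"\1[REDACTED]", line)


def find_exposed_credentials(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one finding per clear-text secret; secrets are fingerprinted, not copied."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        for m in SECRET_RE.finditer(line):
            value = m.group(2)
            if MASK_RE.match(value):
                continue  # "*****" is masking done right, not an exposure
            user = USER_RE.search(line)
            cluster = CLUSTER_RE.search(line)
            findings.append({
                "line": lineno,
                "cluster": (cluster.group(1) or cluster.group(2)) if cluster else None,
                "username": user.group(1) if user else None,
                # A hash prefix lets you correlate repeats without writing the secret anywhere new.
                "secret_sha256": hashlib.sha256(value.encode()).hexdigest()[:12],
                "secret_len": len(value),
            })
    return findings


def credentials_to_rotate(findings: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Distinct (cluster, username) pairs whose password appeared in clear text."""
    return sorted({(str(f["cluster"]), str(f["username"])) for f in findings})


class RedactingFilter(logging.Filter):
    """Scrubs secrets from a record after argument formatting, before any handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def scrubbed_message(msg: str, *args: object) -> str:
    """Run one message through RedactingFilter and return what a handler would see."""
    record = logging.LogRecord("cluster", logging.INFO, __file__, 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    found = find_exposed_credentials(SAMPLE_LOG.splitlines())
    for f in found:
        print(f)
    print("rotate:", credentials_to_rotate(found))
    print(scrubbed_message("Connecting to cluster %s as user=%s password=%s",
                           "hdp-prod", "svc_pentaho", "S3cr3tPa55!"))
```

On the sample input the scanner reports two findings for the hdp-prod cluster and one (cluster, username) pair to rotate, while the already-masked hdp-dev line is correctly ignored. The findings deliberately carry a hash prefix and length rather than the secret, so running the triage does not create yet another copy of the password. The filter is the application-side counterpart of the vendor fix: it scrubs after argument formatting so that a secret passed as a separate argument is still caught.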

Weakness Enumeration

Insertion of Sensitive Information into Log File

Related Identifiers

BDU:2023-01985
CVE-2022-43772

Affected Products

Pentaho Business Analytics Server