PT-2023-8804 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Published
2023-09-26
·
Updated
2023-09-29
·
CVE-2023-2358
CVSS v2.0
6.1
Medium
| Vector | AV:N/AC:L/Au:M/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.5.0.0
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.4
Hitachi Vantara Pentaho Business Analytics Server version 8.3.x.x
Description
The issue is related to the storage of passwords in a recoverable format. This allows a remote attacker to potentially disclose protected information. The passwords of the Hadoop Copy Files step are saved in plaintext.
Recommendations
For versions prior to 9.5.0.0, update to version 9.5.0.0 or later.
For versions prior to 9.3.0.4, update to version 9.3.0.4 or later.
For version 8.3.x.x, update to a version outside of the 8.3.x.x range, such as version 9.3.0.4 or later.
As a temporary workaround, consider restricting access to the Hadoop Copy Files step until a patch is available.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hitachi Vantara Pentaho Business Analytics Server