CVE-2023-5617

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x

Description The issue is related to the disclosure of information through a server error message. It may allow a remote attacker to disclose protected information. When a server error is encountered, the version of Tomcat is displayed.

Recommendations For versions prior to 10.1.0.0, update to version 10.1.0.0 or later to resolve the issue. For version 9.3.0.6, ensure that the version of Tomcat is not disclosed when a server error is encountered, consider disabling error messages or restricting access to error pages until a patch is available. For versions 9.5.x and 8.3.x, update to a version that does not display the Tomcat version when a server error is encountered, or consider implementing measures to prevent information disclosure, such as custom error pages.