PT-2025-51318 · Hitachi Vantara · Pentaho Data Integration/Analytics Community Dashboard Framework
Internal
·
Published
2025-12-15
·
Updated
2025-12-21
·
CVE-2025-9122
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pentaho Data Integration and Analytics Community Dashboard Framework versions prior to 10.2.0.4
Pentaho Data Integration and Analytics Community Dashboard Framework versions 8.3.x
Pentaho Data Integration and Analytics Community Dashboard Framework versions 9.3.0.x
Description
The Pentaho Data Integration and Analytics Community Dashboard Framework reveals the complete server stack trace when an error occurs within the
GetCdfResource servlet. This disclosure of sensitive information could potentially aid attackers in understanding the system's internal workings.Recommendations
Update to Pentaho Data Integration and Analytics Community Dashboard Framework version 10.2.0.4 or later.
Update to a version later than 9.3.0.x.
Update to a version later than 8.3.x.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pentaho Data Integration/Analytics Community Dashboard Framework