CVE-2024-37362

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x

Description The product transmits or stores authentication credentials using an insecure method, making it susceptible to unauthorized interception and/or retrieval. This issue can lead to the disclosure of sensitive information, such as database passwords, when saving connections to RedShift. Products should not disclose sensitive information without cause, as this can lead to further exploitation.

Recommendations For versions prior to 10.2.0.0, update to version 10.2.0.0 or later to resolve the issue. For versions prior to 9.3.0.8, update to version 9.3.0.8 or later to resolve the issue. For version 8.3.x, consider disabling the feature to save connections to RedShift until a patch is available, or update to a version that includes the fix, if available. At the moment, there is no information about other versions that contain a fix for this vulnerability.