{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-45447","assignerOrgId":"dce6e192-ff49-4263-9134-f0beccb9bc13","state":"PUBLISHED","assignerShortName":"HITVAN","requesterUserId":"520cc88b-a1c8-44f6-9154-21a4d74c769f","dateReserved":"2021-12-21T05:57:40.703Z","datePublished":"2022-11-02T14:56:01.585Z","dateUpdated":"2025-05-02T20:38:51.406Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Pentaho Business Analytics Server","vendor":"Hitachi Vantara","versions":[{"lessThan":"9.2.0.2","status":"affected","version":"9.0.0.0","versionType":"All"},{"lessThan":"8.3.0.25","status":"affected","version":"1.0","versionType":"All"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and \n8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.&nbsp;&nbsp;\n\nThe transmission of sensitive data in clear text allows unauthorized actors with access to the \nnetwork to sniff and obtain sensitive information that can be later used to gain unauthorized \naccess.\n\n\n"}],"value":"\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and \n8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.  \n\nThe transmission of sensitive data in clear text allows unauthorized actors with access to the \nnetwork to sniff and obtain sensitive information that can be later used to gain unauthorized \naccess.\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dce6e192-ff49-4263-9134-f0beccb9bc13","shortName":"HITVAN","dateUpdated":"2022-11-02T14:56:03.090Z"},"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/6744504393101"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nThe defect may be mitigated now by disabling the Data Lineage feature or updating to a patched version<br>"}],"value":"\nThe defect may be mitigated now by disabling the Data Lineage feature or updating to a patched version\n"}],"source":{"discovery":"UNKNOWN"},"title":" Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T04:39:20.773Z"},"title":"CVE Program Container","references":[{"url":"https://support.pentaho.com/hc/en-us/articles/6744504393101","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-02T20:38:38.823127Z","id":"CVE-2021-45447","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-02T20:38:51.406Z"}}]}}