Unrated severityNVD Advisory· Published Nov 8, 2021· Updated Aug 3, 2024
CVE-2021-31601
CVE-2021-31601
Description
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Hitachi Vantara Pentaho/Pentaho Business Intelligence Serverdescription
- Range: <=7.x
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.htmlmitrex_refsource_MISC
- www.hitachi.com/hirt/security/index.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.