{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:28:59.226","vulnerabilities":[{"cve":{"id":"CVE-2021-45447","sourceIdentifier":"security.vulnerabilities@hitachivantara.com","published":"2022-11-02T15:15:10.247","lastModified":"2024-11-21T06:32:13.613","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and \n8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.  \n\nThe transmission of sensitive data in clear text allows unauthorized actors with access to the \nnetwork to sniff and obtain sensitive information that can be later used to gain unauthorized \naccess.\n\n\n"},{"lang":"es","value":"Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 9.3.0.0, 9.2.0.2 y 8.3.0.25 con la función Data Lineage habilitada transmite las contraseñas de la base de datos en texto plano. La transmisión de datos confidenciales en texto plano permite a actores no autorizados con acceso a la red rastrear y obtener información confidencial que luego puede usarse para obtener acceso no autorizado."}],"metrics":{"cvssMetricV31":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0.0","versionEndExcluding":"8.3.0.25","matchCriteriaId":"AB67F45F-D25C-4B85-8819-433D89F3EF1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0.0","versionEndExcluding":"9.2.0.2","matchCriteriaId":"111F5389-BE1D-480F-8229-3EEDF8F6D82A"}]}]}],"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/6744504393101","source":"security.vulnerabilities@hitachivantara.com","tags":["Vendor Advisory"]},{"url":"https://support.pentaho.com/hc/en-us/articles/6744504393101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}