{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T18:53:34.523","vulnerabilities":[{"cve":{"id":"CVE-2024-37362","sourceIdentifier":"security.vulnerabilities@hitachivantara.com","published":"2025-02-20T00:15:19.630","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) \n\n\n\n \n\n\n\nHitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.\n\n\n\n \n\n\n\nProducts must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation."},{"lang":"es","value":"El producto transmite o almacena credenciales de autenticación, pero utiliza un método inseguro que es susceptible de interceptación y/o recuperación no autorizada. (CWE-522) Las versiones de Hitachi Vantara Pentaho Data Integration &amp; Analytics anteriores a 10.2.0.0 y 9.3.0.8, incluida la 8.3.x, revelan contraseñas de bases de datos al guardar conexiones en RedShift. Los productos no deben revelar información confidencial sin motivo. La divulgación de información confidencial puede dar lugar a una mayor explotación."}],"metrics":{"cvssMetricV31":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/34296552220941--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37362","source":"security.vulnerabilities@hitachivantara.com"}]}}]}