CVE-2021-31601 HIGH

CVE-2021-31601

Vendor N/A
Product n/a
Published November 8, 2021
Last update August 3, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:U/UI:N

What the vulnerability does

01Description

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.

Key dates

02Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated