admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-373xx/CVE-2024-37362.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

60 lines
2.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-37362",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2025-02-20T00:15:19.630",
"lastModified": "2025-02-20T00:15:19.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.\n\n\n\n\u00a0\n\n\n\nProducts must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation."
},
{
"lang": "es",
"value": "El producto transmite o almacena credenciales de autenticaci\u00f3n, pero utiliza un m\u00e9todo inseguro que es susceptible de interceptaci\u00f3n y/o recuperaci\u00f3n no autorizada. (CWE-522) Las versiones de Hitachi Vantara Pentaho Data Integration & Analytics anteriores a 10.2.0.0 y 9.3.0.8, incluida la 8.3.x, revelan contrase\u00f1as de bases de datos al guardar conexiones en RedShift. Los productos no deben revelar informaci\u00f3n confidencial sin motivo. La divulgaci\u00f3n de informaci\u00f3n confidencial puede dar lugar a una mayor explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/34296552220941--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37362",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink