ID

VAR-202211-0149


CVE

CVE-2021-45446


TITLE

Hitachi Vantara's Vantara Pentaho Improper Permission Preservation Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578

DESCRIPTION

Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 do not cascade the hidden property to the children of the Home folder. The resulting directory listing provides an attacker with the complete index of all the resources located inside the directory. Hitachi Vantara's Vantara Pentaho contains an improper permissions retention vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-45446 // JVNDB: JVNDB-2021-020578

AFFECTED PRODUCTS

vendor: hitachi, model: vantara pentaho, scope: lt, version: 8.3.0.25

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 9.2.0.0

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: lt, version: 9.2.0.2

Trust: 1.0

vendor: hitachi, model: vantara pentaho, scope: gte, version: 8.3.0.0

Trust: 1.0

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: 9.2.0.0 or later, before 9.2.0.2

Trust: 0.8

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: -

Trust: 0.8

vendor: 日立ヴァンタラ, model: vantara pentaho, scope: eq, version: 8.3.0.0 or later, before 8.3.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45446
value: HIGH

Trust: 1.0

security.vulnerabilities@hitachivantara.com: CVE-2021-45446
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-45446
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-1926
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-45446
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security.vulnerabilities@hitachivantara.com: CVE-2021-45446
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-45446
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // CNNVD: CNNVD-202211-1926 // NVD: CVE-2021-45446 // NVD: CVE-2021-45446

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.0

problemtype: CWE-548

Trust: 1.0

problemtype: Improper retention of permissions (CWE-281) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020578 // NVD: CVE-2021-45446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-1926

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1926

PATCH

title: IMPORTANT
url: https://support.pentaho.com/hc/en-us/articles/6744813983501

Trust: 0.8

title: Hitachi Pentaho Business Analytics Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213138

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // CNNVD: CNNVD-202211-1926

EXTERNAL IDS

db: NVD, id: CVE-2021-45446

Trust: 3.2

db: JVNDB, id: JVNDB-2021-020578

Trust: 0.8

db: CNNVD, id: CNNVD-202211-1926

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // CNNVD: CNNVD-202211-1926 // NVD: CVE-2021-45446

REFERENCES

url: https://support.pentaho.com/hc/en-us/articles/6744813983501

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-45446

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2021-45446/

Trust: 0.6

sources: JVNDB: JVNDB-2021-020578 // CNNVD: CNNVD-202211-1926 // NVD: CVE-2021-45446

SOURCES

db: JVNDB, id: JVNDB-2021-020578
db: CNNVD, id: CNNVD-202211-1926
db: NVD, id: CVE-2021-45446

LAST UPDATE DATE

2024-08-14T13:42:18.152000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-020578, date: 2023-11-22T00:46:00
db: CNNVD, id: CNNVD-202211-1926, date: 2023-07-24T00:00:00
db: NVD, id: CVE-2021-45446, date: 2023-11-07T03:39:50.490

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-020578, date: 2023-11-22T00:00:00
db: CNNVD, id: CNNVD-202211-1926, date: 2022-11-02T00:00:00
db: NVD, id: CVE-2021-45446, date: 2022-11-02T15:15:09.683