An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hitachi vantara pentaho |
||
hitachi vantara pentaho business intelligence server |