An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hitachi vantara pentaho |
||
hitachi vantara pentaho business intelligence server |