Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-45446
PUBLISHED
More InfoOfficial Page
Assigner-HITVAN
Assigner Org ID-dce6e192-ff49-4263-9134-f0beccb9bc13
View Known Exploited Vulnerability (KEV) details
Published At-02 Nov, 2022 | 14:26
Updated At-02 May, 2025 | 15:52
Rejected At-
▼CVE Numbering Authority (CNA)
Pentaho Business Analytics Server - Exposure of Information Through Directory Listing

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Affected Products
Vendor
Hitachi Vantara LLCHitachi Vantara
Product
Pentaho Business Analytics Server
Default Status
unaffected
Versions
Affected
  • From 1.0 before 8.3.0.25 (ALL)
  • From 9.0 before 9.2.0.2 (ALL)
Problem Types
TypeCWE IDDescription
CWECWE-548CWE-548
Metrics
VersionBase scoreBase severityVector
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AA directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.pentaho.com/hc/en-us/articles/6744813983501
N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.pentaho.com/hc/en-us/articles/6744813983501
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found