MEDIUM🇬🇧 English

CVE-2026-2255

CVSS 4.3v3.1pub. 2026-05-27upd. 2026-06-18

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Hitachi Vantara Pentaho Data Integration And Analytics

    APP
    Hitachi
    8.39.3< 10.2.0.7< 11.0.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-11159CRITICAL9.1PL ✓ten sam produkt

Hitachi Vantara Pentaho – RCE przez podatny sterownik JDBC H2

CVE-2025-11158CRITICAL9.1PL ✓ten sam produkt

RCE przez brak restrykcji skryptów Groovy w raportach PRPT — Pentaho

CVE-2026-2253HIGH7.7ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x an...

CVE-2026-2254MEDIUM6.3ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x an...

CVE-2023-5617MEDIUM5.3ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x an...