MEDIUM🇵🇱 Wersja polska

CVE-2026-2255

CVSS 4.3v3.1pub. 2026-05-27upd. 2026-06-18

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Hitachi Vantara Pentaho Data Integration And Analytics

    APP
    Hitachi
    8.39.3< 10.2.0.7< 11.0.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-11159CRITICAL9.1PL ✓ten sam produkt

Hitachi Vantara Pentaho – RCE przez podatny sterownik JDBC H2

CVE-2025-11158CRITICAL9.1PL ✓ten sam produkt

RCE przez brak restrykcji skryptów Groovy w raportach PRPT — Pentaho

CVE-2026-2253HIGH7.7ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x an...

CVE-2026-2254MEDIUM6.3ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x an...

CVE-2023-5617MEDIUM5.3ten sam produkt

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x an...