Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Hitachi Vantara Pentaho 安全漏洞
Vulnerability Description
Hitachi Vantara Pentaho是日本Hitachi公司的一款用于大数据环境中对数据进行存储和管理的服务。 Hitachi Vantara Pentaho Business Analytics 9.1以及之前版本存在安全漏洞,该漏洞源于Pentaho使用SOAP协议实现了一系列web服务,以允许与后端服务器进行脚本交互。虽然大多数接口正确地实现了ACL,但位于/pentaho/webservices/datasourceMgmtService的数据源管理服务允许低权限身份验证的用户列出pen
CVSS Information
N/A
Vulnerability Type
N/A