CVE-2024-37362

Published Feb 20, 2025

Last updated 8 days ago

CVSS medium 6.3

Overview

Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)   Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.   Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.
Source
security.vulnerabilities@hitachivantara.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.3
Impact score
3.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

security.vulnerabilities@hitachivantara.com
CWE-522

Social media

Hype score
Not currently trending

  1. CVE-2024-37362 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522… https://t.co/na6IH0pNfM

    @CVEnew

    19 Feb 2025

    479 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References