(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information - Versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x Impacted (CVE-2023-5617)

Overview 

Certain conditions, such as network failure, will cause a server error message to be displayed. (CWE-550)

 

Products Affected 

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x

 

Description 

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.1, display the version of Tomcat when a server error is encountered.

 

Impact 

While error messages are not dangerous in themselves, what an attacker can glean from them might cause eventual problems.

 

Action  

We recommend you upgrade to the latest Hitachi Vantara Pentaho Data Integration & Analytics version 9.3 (Long Term Support Release) with 9.3.0.6 or newer applied, or the latest 10.1 release or newer.

Please review the Pentaho End-of-Life policy to ensure you are up to date.
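To confirm after upgrading that error responses no longer show the Tomcat version, captured error responses can be checked as below. This is an added example, not Hitachi Vantara code; it assumes the banner has Tomcat's default "Apache Tomcat/<version>" form, and the two sample responses and the 0.0.0 version are constructed.

```python
import re

# Assumption: the banner follows Tomcat's default "Apache Tomcat/<version>" form.
TOMCAT_BANNER = re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+(?:-[\w.]+)?)", re.I)

# Constructed sample: error page that still carries a version footer.
LEAKY = (
    "HTTP/1.1 500 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><body><h1>HTTP Status 500 - Internal Server Error</h1>"
    "<h3>Apache Tomcat/0.0.0</h3></body></html>"
)
# Constructed sample: error page with no product or version information.
CLEAN = (
    "HTTP/1.1 500 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><body><h1>An error occurred.</h1></body></html>"
)


def split_response(raw):
    """Split a raw HTTP response into (status code, headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def find_tomcat_disclosure(raw):
    """Return (status, findings); each finding is (location, version)."""
    status, headers, body = split_response(raw)
    findings = set()
    for name, value in headers.items():  # e.g. a Server header
        for match in TOMCAT_BANNER.finditer(value):
            findings.add(("header:" + name, match.group(1)))
    for match in TOMCAT_BANNER.finditer(body):  # error page footer
        findings.add(("body", match.group(1)))
    return status, sorted(findings)


if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, find_tomcat_disclosure(raw))
```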

 


Internal Notes: (Non-Customer Viewable - Non-Confidential)

This issue is logged under JIRA PPP-4956