(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information - Versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x Impacted (CVE-2023-5617)

Overview 

Certain conditions, such as network failure, will cause a server error message to be displayed. (CWE-550)

 

Products Affected 

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x

 

Description 

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.1, display the version of Tomcat when a server error is encountered.
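A check for the behaviour described above, as an added example that is not part of the advisory or of Pentaho's code: it scans a captured error response for the Tomcat version token, for instance to confirm the fix on your own server after upgrading. The sample responses and the version number in them are constructed, and scanning headers as well as the body goes beyond what the advisory describes.

```python
import re

# Product/version token as printed in Tomcat's default error report page.
TOMCAT_VERSION = re.compile(r"Apache Tomcat/([0-9][\w.\-]*)")

def parse_response(raw: str):
    """Split a raw HTTP response into (status_code, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def find_version_leaks(raw: str):
    """Return (location, version) pairs for Tomcat versions exposed in an error response."""
    status, headers, body = parse_response(raw)
    if status < 400:
        return []  # only server/client error responses are in scope here
    leaks = [(f"header:{name}", m.group(1))
             for name, value in headers.items()
             for m in TOMCAT_VERSION.finditer(value)]
    leaks += [("body", v) for v in sorted(set(TOMCAT_VERSION.findall(body)))]
    return leaks

# Constructed sample: error page in the shape of Tomcat's default report.
LEAKY_RESPONSE = (
    "HTTP/1.1 500 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><head><title>HTTP Status 500 - Internal Server Error</title></head>"
    "<body><h1>HTTP Status 500 - Internal Server Error</h1>"
    "<hr class=\"line\" /><h3>Apache Tomcat/9.0.0</h3></body></html>"
)

# Constructed sample: generic error page that names no product or version.
CLEAN_RESPONSE = (
    "HTTP/1.1 500 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><body><h1>An error occurred.</h1></body></html>"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("clean", CLEAN_RESPONSE)):
        print(label, find_version_leaks(raw))
```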

 

Impact 

Error messages are not dangerous in themselves; the risk lies in what an attacker can glean from them, which might cause eventual problems.

 

Action  

We recommend you upgrade to the latest Hitachi Vantara Pentaho Data Integration & Analytics version 9.3 (Long Term Support Release) with 9.3.0.6 or newer applied, or the latest 10.1 release or newer.

Please review the Pentaho End-of-Life policy to ensure you are up to date.

 


Internal Notes: (Non-Customer Viewable - Non-Confidential)

This issue is logged under JIRA PPP-4956
