Overview
Certain conditions, such as network failure, will cause a server error message to be displayed. (CWE-550)
Products Affected
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.0.x
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including all versions before 10.1, display the version of Tomcat when a server error is encountered.
Impact
While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.
Action
We recommend you upgrade to the latest Hitachi Vantara Pentaho Data Integration & Analytics version 9.3 (Long Term Support Release) with 9.3.0.6 or newer applied, or the latest 10.1 release or newer.
Please review the Pentaho End-of-Life policy to ensure you are up to date.
Comments