Issue

A newly found IoT vulnerability called Ripple20 (CVE-2020-11896) has raised concern among some users of Pentaho that they may be at-risk.

Multiple NetApp products implement TCP using the Treck TCP/IP library prior to 6.0.1.66 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

Hitachi Vantara has conducted an extensive review of our products and determined the vulnerabilities including remote code execution identified in CVE-2020-11896 do not affect Pentaho.

If you have any questions, please check the National Vulnerability Database information, or visit Pentaho’s Support Portal and open a ticket referencing this article.