CVE-2024-37362
published 2025-02-20

CVE-2024-37362: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval…

Priority: P3 (35)
Severity: medium, 6.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.27% (17.8th percentile)

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, disclose database passwords when saving connections to RedShift. Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| hitachi_vantara | pentaho_business_analytics_server | >= 1.0 < 9.3.0.8 | 9.3.0.8 |
| hitachi_vantara | pentaho_data_integration_analytics | >= 10.0 < 10.2.0.0 | 10.2.0.0 |