Vulnerabilities > CVE-2021-45446 - Improper Preservation of Permissions vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
hitachi
CWE-281

Summary

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Common Weakness Enumeration (CWE)