Vulnerability Details : CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
Products affected by CVE-2023-5617
- cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*
- Hitachi » Vantara Pentaho Data Integration And Analytics, versions from (including, >=) 9.4.0.0 to before (<) 10.1.0.0: cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5617
0.17%: Probability of exploitation activity in the next 30 days
~35%: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2023-5617
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | 2025-02-14 |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Hitachi Vantara | 2024-02-28 |
CWE ids for CVE-2023-5617
- The product generates an error message that includes sensitive information about its environment, users, or associated data. Assigned by: nvd@nist.gov (Primary)
- Certain conditions, such as network failure, will cause a server error message to be displayed. Assigned by: security.vulnerabilities@hitachivantara.com (Secondary)
References for CVE-2023-5617
- https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617
  (Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information - Versions before 10.1.0.0 and 9.3.0.6, including all versions before
  Vendor Advisory