{"api_version":"1","generated_at":"2026-04-23T04:34:28+00:00","cve":"CVE-2021-45446","urls":{"html":"https://cve.report/CVE-2021-45446","api":"https://cve.report/api/cve/CVE-2021-45446.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-45446","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-45446"},"summary":{"title":"CVE-2021-45446","description":"A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.","state":"PUBLIC","assigner":"security.vulnerabilities@hitachivantara.com","published_at":"2022-11-02 15:15:00","updated_at":"2023-11-07 03:39:00"},"problem_types":["CWE-281"],"metrics":[],"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/6744813983501","name":"https://support.pentaho.com/hc/en-us/articles/6744813983501","refsource":"MISC","tags":[],"title":"Security check","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-45446","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45446","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"45446","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"vantara_pentaho","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-45446","ASSIGNER":"security.vulnerabilities@hitachivantara.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-548","cweId":"CWE-548"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Hitachi Vantara","product":{"product_data":[{"product_name":"Pentaho Business Analytics Server","version":{"version_data":[{"version_value":"1.0","version_affected":"="},{"version_value":"9.0","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.pentaho.com/hc/en-us/articles/6744813983501","refsource":"MISC","name":"https://support.pentaho.com/hc/en-us/articles/6744813983501"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2022-11-02 15:15:00","lastModifiedDate":"2023-11-07 03:39:00","problem_types":["CWE-281"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0.0","versionEndExcluding":"8.3.0.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0.0","versionEndExcluding":"9.2.0.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"45446","Ordinal":"223575","Title":"CVE-2021-45446","CVE":"CVE-2021-45446","Year":"2021"},"notes":[]}}}