Hitachi Vantara Pentaho Data Integration & Analytics

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

Basic Information

ID CVE-2026-2255

Source HITVAN

Published May 27, 2026 at 02:51

Modified May 27, 2026 at 02:57

Affected Product

Vendor Hitachi Vantara

Product Pentaho Data Integration and Analytics

Version 1.0

Affected Versions Hitachi Vantara Pentaho Data Integration and Analytics 1.0
Hitachi Vantara Pentaho Data Integration and Analytics 10.0

CWE Classification

CWE-522

References

support.pentaho.com /hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255

{
    "lastseen": "",
    "description": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API.",
    "published": "2026-05-27T02:51:31.793Z",
    "modified": "2026-05-27T02:57:46.206Z",
    "type": "cve",
    "title": "Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials",
    "source": "HITVAN",
    "references": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255",
    "id": "CVE-2026-2255",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "Hitachi Vantara Pentaho Data Integration and Analytics 1.0\nHitachi Vantara Pentaho Data Integration and Analytics 10.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pentaho Data Integration and Analytics",
    "version": "1.0",
    "vendor": "Hitachi Vantara",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hitachi Vantara Pentaho Data Integration & Analytics – Insufficiently Protected Credentials_CVE-2026-2255