{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9122", "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "state": "PUBLISHED", "assignerShortName": "HITVAN", "dateReserved": "2025-08-18T18:06:40.111Z", "datePublished": "2025-12-15T22:50:42.466Z", "dateUpdated": "2025-12-16T15:10:16.460Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Community Dashboard Framework"], "product": "Pentaho Data Integration and Analytics", "vendor": "Hitachi Vantara", "versions": [{"lessThan": "10.2.0.4", "status": "affected", "version": "1.0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Hitachi Group Member"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}], "value": "Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet."}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "shortName": "HITVAN", "dateUpdated": "2025-12-15T22:54:21.557Z"}, "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/41833799577741--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-10-2-0-4-Impacted-CVE-2025-9122"}], "source": {"discovery": "UNKNOWN"}, "title": "Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T14:38:37.772980Z", "id": "CVE-2025-9122", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T15:10:16.460Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9122", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T14:38:37.772980Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T14:38:39.859Z"}}], "cna": {"title": "Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Hitachi Group Member"}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Vantara", "modules": ["Community Dashboard Framework"], "product": "Pentaho Data Integration and Analytics", "versions": [{"status": "affected", "version": "1.0", "lessThan": "10.2.0.4", "versionType": "maven"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/41833799577741--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-10-2-0-4-Impacted-CVE-2025-9122"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "shortName": "HITVAN", "dateUpdated": "2025-12-15T22:54:21.557Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9122", "state": "PUBLISHED", "dateUpdated": "2025-12-16T15:10:16.460Z", "dateReserved": "2025-08-18T18:06:40.111Z", "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "datePublished": "2025-12-15T22:50:42.466Z", "assignerShortName": "HITVAN"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet."}], "id": "CVE-2025-9122", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary"}]}, "published": "2025-12-15T23:15:57.737", "references": [{"source": "security.vulnerabilities@hitachivantara.com", "url": "https://support.pentaho.com/hc/en-us/articles/41833799577741--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-10-2-0-4-Impacted-CVE-2025-9122"}], "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary"}]}

{}

{"created": "2025-12-16T17:11:20.407366+00:00", "updated": "2025-12-16T17:11:20.407396+00:00", "vendors": ["hitachi", "hitachi$PRODUCT$vantara_pentaho_data_integration_and_analytics"]}