CVE-2021-45446

HIGH Year: 2021
CVSS v3 Score
7.5
High
Weakness Type
CWE-548
View all →

Vulnerability Description

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Related Vulnerabilities

CVE-2016-15019

HIGH
CVSS:7.5(High)

A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information thr...

CWE-5482016

CVE-2017-6045

HIGH
CVSS:7.5(High)

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain ...

CWE-5482017

CVE-2018-10590

HIGH
CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-5482018

CVE-2018-14785

HIGH
CVSS:7.5(High)

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.

CWE-5482018

CVE-2018-16493

HIGH
CVSS:7.5(High)

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

CWE-5482018

CVE-2019-5415

HIGH
CVSS:7.5(High)

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

CWE-5482019