Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
CVE-2023-1158

4.3MEDIUM

Key Information:

Vendor: Hitachi
Status: Pentaho Business Analytics Server
Vendor: CVE Published:; 24 May 2023

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.3

Pentaho Business Analytics Server 9.4.0.0 < 9.4.0.1

References

https://support.pentaho.com/hc/en-us/articles/14456024873...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Mar 2, 2023

Credit

Hitachi Group Member