Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

CVE-2023-1158

4.3MEDIUM

Key Information

Vendor: Hitachi
Status: Pentaho Business Analytics Server
Vendor: CVE Published:; 24 May 2023

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.

Affected Version(s)

Pentaho Business Analytics Server < 9.3.0.3

Pentaho Business Analytics Server < 9.4.0.1

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 24, 2023
Vulnerability Reserved.
Mar 2, 2023

Collectors

NVD DatabaseMitre Database

Credit

Hitachi Group Member