Authorization Bypass in Hitachi Vantara Pentaho Business Analytics Server
CVE-2024-37363

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics; Pentaho Business Analytics Server
Vendor: CVE Published:; 20 February 2025

Summary

Inversions prior to 10.2.0.0 and 9.3.0.8 of the Hitachi Vantara Pentaho Business Analytics Server exhibit a vulnerability where the system fails to perform necessary authorization checks when users attempt to access resources or execute actions within the data source management service. This flaw can permit unauthorized access, leading to potential information exposure and misuse of sensitive data.

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.8

Pentaho Data Integration & Analytics 10.0 < 10.2.0.0

References

https://support.pentaho.com/hc/en-us/articles/34296230504...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025