Authorization Bypass Vulnerability in Hitachi Vantara Pentaho Business Analytics Server
CVE-2024-5705

8.8 HIGH

Summary

The Hitachi Vantara Pentaho Business Analytics Server fails to correctly enforce authorization checks, allowing unauthorized users to bypass intended access restrictions. This vulnerability can enable attackers to execute system-level processes and gain unauthorized access to sensitive data, potentially leading to information exposure and disruption of services.

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.9

Pentaho Data Integration & Analytics 10.0 < 10.2.0.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tuo4n8 & thongvv (GE) from VNG Security Response Center