Authorization Bypass Vulnerability in Hitachi Vantara Pentaho Business Analytics Server
CVE-2024-5705
8.8 HIGH
Key Information:
- Vendor: Hitachi
- CVE Published: 19 February 2025
What is CVE-2024-5705?
The Hitachi Vantara Pentaho Business Analytics Server fails to correctly enforce authorization checks, allowing unauthorized users to bypass intended access restrictions. This vulnerability can enable attackers to execute system-level processes and gain unauthorized access to sensitive data, potentially leading to information exposure and disruption of services.
Affected Version(s)
Pentaho Business Analytics Server 1.0 < 9.3.0.9
Pentaho Data Integration & Analytics 10.0 < 10.2.0.0
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
tuo4n8 & thongvv (GE) from VNG Security Response Center