Improper Permission Handling in Hitachi Vantara Pentaho Business Analytics Server
CVE-2024-6697

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics; Pentaho Business Analytics Server
Vendor: CVE Published:; 20 February 2025

Summary

Hitachi Vantara Pentaho Business Analytics Server fails to properly handle insufficient permissions, which allows an adversary to exploit legitimate application functionalities. This can result in unexpected code execution paths and may leave the server in an unstable state, ultimately leading to denial of service. It is crucial for users of affected versions to implement timely updates to safeguard against potential exploitation.

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.9

Pentaho Data Integration & Analytics 10.0 < 10.2.0.0

References

https://support.pentaho.com/hc/en-us/articles/34296654642...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025