Improper Permission Handling in Hitachi Vantara Pentaho Business Analytics Server
CVE-2024-6697

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Pentaho Data Integration & Analytics; Pentaho Business Analytics Server
Vendor: CVE Published:; 20 February 2025

What is CVE-2024-6697?

Hitachi Vantara Pentaho Business Analytics Server fails to properly handle insufficient permissions, which allows an adversary to exploit legitimate application functionalities. This can result in unexpected code execution paths and may leave the server in an unstable state, ultimately leading to denial of service. It is crucial for users of affected versions to implement timely updates to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pentaho Business Analytics Server 1.0 < 9.3.0.9

Pentaho Data Integration & Analytics 10.0 < 10.2.0.0

References

https://support.pentaho.com/hc/en-us/articles/34296654642...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025

JSON

Hitachi

What is CVE-2024-6697?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.