Hitachi Vantara Pentaho Business Analytics Server Unrestricted Deserialization Vulnerability Allowing Unauthorized Actions

Vulnerability

A vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The application deserializes untrusted JSON data without properly validating it, which could allow unauthorized actions to be executed. The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data).

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed within the application, potentially allowing attackers to manipulate data or application behavior.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 10.0
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.