Hitachi Vantara Pentaho Business Analytics Server Incorrect Authorization Vulnerability Allowing Access Control Bypass

Vulnerability

A vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server in versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue arises because the product performs authorization checks when accessing resources or actions, but these checks are not applied correctly. This flaw enables attackers to bypass access restrictions. Additionally, the affected versions have modules enabled by default that permit the execution of system-level processes. The incorrect application of access control can result in unauthorized access to data or actions, potentially leading to information exposure and denial-of-service conditions.

Impact

Exploitation of this vulnerability can cause unauthorized access to restricted data or actions, leading to information exposure and possible denial-of-service situations.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.