Hitachi Vantara Pentaho Business Analytics Server Access Control Vulnerability in User Console Trash

Vulnerability

A vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server in versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue arises from access controls that are too broad, allowing unauthorized agents to access security-sensitive assets. Specifically, the authorization check on user console trash content is insufficient, enabling attackers to bypass intended protections and gain unauthorized access.

Impact

Exploitation of this vulnerability allows for unauthorized access to security-sensitive assets by bypassing access control measures.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.