Primary

Context

Hitachi Vantara Pentaho Business Analytics Server Karaf JMX Beans Permission Vulnerability

Vulnerability

Patched

A vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, including 9.3.x and 8.3.x, where Karaf JMX beans are enabled and accessible by default. This configuration allows users with local execution privileges to access functionality exposed by these Karaf beans, potentially leading to unauthorized modification or reading of security-critical resources.

Impact

Exploitation of this vulnerability allows users with local execution privileges to access and manipulate functionality exposed by Karaf JMX beans, which could be used to modify or read sensitive resources within the application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Vantara Pentaho Business Analytics Server Karaf JMX Beans Permission Vulnerability

Vulnerability

Impact

Affected Products

Hitachi Vantara Pentaho Business Analytics Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating