CVE-2024-6697

Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges

Description

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. (CWE-280) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not handle invalid and missing permissions correctly, resulting in a denial of service. An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact.

References

Link	Tags
https://support.pentaho.com/hc/en-us/articles/34296654642701--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Handling-of-Insufficient-Permissions-or-Privileges-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-6697

Frequently Asked Questions

What is the severity of CVE-2024-6697?: CVE-2024-6697 has been scored as a medium severity vulnerability.
How to fix CVE-2024-6697?: To fix CVE-2024-6697, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-6697 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-6697 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-6697?: CVE-2024-6697 affects Hitachi Vantara Pentaho Data Integration & Analytics, Hitachi Vantara Pentaho Business Analytics Server.

Description

Category

CWE-280 – Improper Handling of Insufficient Permissions or Privileges

References

Frequently Asked Questions