PT-2025-7412 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Published: 2025-02-19 · Updated: 2025-02-20 · CVE-2024-37363
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action. This can lead to a wide range of problems, including information exposures and denial of service, as users can access data or perform actions that they should not be allowed to perform.
Recommendations
For versions prior to 10.2.0.0, update to version 10.2.0.0 or later.
For versions prior to 9.3.0.8, update to version 9.3.0.8 or later.
As a temporary workaround, consider restricting access to the data source management service until a patch is available.
Restrict access to sensitive data and resources to minimize the risk of exploitation.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Vantara Pentaho Business Analytics Server