PT-2025-7451 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Published: 2024-07-11 · Updated: 2025-02-20 · CVE-2024-6696

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x

Description

The product implements access controls via a policy or other feature with the intention to disable or restrict access to assets in a system from untrusted agents. However, the implemented access controls lack the required granularity, which renders the control policy too broad because it allows access from unauthorized agents to the security-sensitive assets. An attacker exploits a weakness in the configuration of access controls and is able to bypass the protection these measures are intended to provide, thereby obtaining unauthorized access to the system or network.

Recommendations

For Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0, update to version 10.2.0.0 or later to resolve the issue. For Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.9, update to version 9.3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the user console trash content to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-02151
CVE-2024-6696

Affected Products

Hitachi Vantara Pentaho Business Analytics Server