CVE-2024-5705— Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-5705
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hitachi Vantara Pentaho Business Analytics Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hitachi Vantara Pentaho Business Analytics Server是日本日立制作所(Hitachi)公司的一个现代数据混合、集成和业务分析平台。 Hitachi Vantara Pentaho Business Analytics Server存在安全漏洞,该漏洞源于存在授权检查不正确,从而允许攻击者绕过访问限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration & Analytics | 10.0 ~ 10.2.0.0 | - | |
| Hitachi Vantara | Pentaho Business Analytics Server | 1.0 ~ 9.3.0.9 | - |
II. Public POCs for CVE-2024-5705
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-5705
请登录查看更多情报信息。
Same Patch Batch · Hitachi Vantara · 2025-02-19 · 9 CVEs total
| CVE-2024-37361 | 9.9 CRITICAL | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data |
| CVE-2024-5706 | 8.8 HIGH | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identi |
| CVE-2024-37359 | 8.6 HIGH | Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery |
| CVE-2024-6697 | 6.5 MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Perm |
| CVE-2024-37363 | 6.5 MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2024-37362 | 6.3 MEDIUM | Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credential |
| CVE-2024-6696 | 4.9 MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Con |
| CVE-2024-37360 | 4.4 MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input Durin |
IV. Related Vulnerabilities
Same product: Pentaho Data Integration & Analytics
- CVE-2025-24907
Hitachi Vantara Pentaho Data Integration & Analytics – Path - CVE-2025-24908
Hitachi Vantara Pentaho Data Integration & Analytics – Path - CVE-2025-0756
Hitachi Vantara Pentaho Data Integration & Analytics - Impro - CVE-2024-37363
Hitachi Vantara Pentaho Business Analytics Server - Incorrec - CVE-2024-37362
Hitachi Vantara Pentaho Data Integration & Analytics - Insuf
Same vendor: Hitachi Vantara
- CVE-2025-11158
Hitachi Vantara Pentaho Data Integration & Analytics - Missi - CVE-2025-9121
Hitachi Vantara Pentaho Business Analytics Server - Deserial - CVE-2025-9122
Hitachi Vantara Pentaho Business Analytics Server - Generati - CVE-2025-24907
Hitachi Vantara Pentaho Data Integration & Analytics – Path - CVE-2025-24911
Hitachi Vantara Pentaho Business Analytics Server - Improper
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2024-5705
No comments yet