We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-0758

Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource



Description

Overview  The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)  Description  Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.  Impact  When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

Reserved 2025-01-27 | Published 2025-04-16 | Updated 2025-04-17 | Assigner HITVAN


MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

1.0
affected

10.0 before 10.2.0.2
affected

Credits

Hitachi Group Member finder

References

support.pentaho.com/...ncluding-9-3-x-Impacted-CVE-2025-0758

cve.org (CVE-2025-0758)

nvd.nist.gov (CVE-2025-0758)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-0758

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.