CVE-2024-37363 — MEDIUM (6.5)

Vulnerability Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-862

References

https://support.pentaho.com/hc/en-us/articles/34296230504589--Resolved-Hitachi-V

FAQ

What is CVE-2024-37363?

CVE-2024-37363 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before...

How severe is CVE-2024-37363?

CVE-2024-37363 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-37363?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.