CVE-2024-5705 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-863

References

https://support.pentaho.com/hc/en-us/articles/34296615099405--Resolved-Hitachi-V

FAQ

What is CVE-2024-5705?

CVE-2024-5705 is a vulnerability with a CVSS score of 8.8 (HIGH). The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended acce...

How severe is CVE-2024-5705?

CVE-2024-5705 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-5705?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.