CVE-2024-6696 — MEDIUM (4.9)

Vulnerability Description

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-1220

References

https://support.pentaho.com/hc/en-us/articles/34296877157517--Resolved-Hitachi-V

FAQ

What is CVE-2024-6696?

CVE-2024-6696 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, impl...

How severe is CVE-2024-6696?

CVE-2024-6696 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6696?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.