CVE-2025-0758

Published: Apr 16, 2025Modified: Apr 17, 2025

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Exploitability: 1.8 / Impact: 4.2

Source: security.vulnerabilities@hitachivantara.com (Secondary)

Description

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default. Impact When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://support.pentaho.com/hc/en-us/articles/35781318194061--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0758

Source: security.vulnerabilities@hitachivantara.com

Timeline

No history available yet.