CVE-2025-0758

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Overview

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)

Description

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.

Impact

When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

Ссылки

https://support.pentaho.com/hc/en-us/articles/35781318194061--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0758

EPSS

Процентиль: 4%

0.00018

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-mfp7-fc9g-2pqp

CVSS3: 6.1

github

10 месяцев назад

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default. Impact When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

EPSS

Процентиль: 4%

0.00018

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-732