Medium severity6.5NVD Advisory· Published Feb 20, 2025· Updated Apr 15, 2026

CVE-2024-37363

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862)

Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service.

When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.pentaho.com/hc/en-us/articles/34296230504589--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Authorization-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37363nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000