Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

Overview  The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)  Description  Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.  Impact  When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

关键资源的不正确权限授予

Hitachi Vantara Pentaho Business Analytics Server 安全漏洞

Hitachi Vantara Pentaho Business Analytics Server是日本日立制作所（Hitachi）公司的一个现代数据混合、集成和业务分析平台。 Hitachi Vantara Pentaho Business Analytics Server 10.2.0.2之前版本、9.3.x和8.3.x版本存在安全漏洞，该漏洞源于默认启用的Karaf JMX beans可能导致权限不当访问。

N/A

N/A