What is the severity of CVE-2024-6696?

CVE-2024-6696 has been classified with a significant severity due to its potential impact on data protection and system integrity.

What does CVE-2024-6696 affect?

CVE-2024-6696 affects specific versions of the Hitachi Vantara Pentaho Business Analytics Server, particularly versions earlier than 10.2.0.0, 9.3.0.9, and 8.3.x.

What kind of risk does CVE-2024-6696 pose?

CVE-2024-6696 poses a risk by allowing untrusted agents to exploit insufficient access controls, potentially leading to unauthorized reads and writes.

Is CVE-2024-6696 a common vulnerability?

While CVE-2024-6696 is specific to certain versions of Hitachi Vantara Pentaho, it reflects a common issue found in many software systems regarding access control granularity.

Vulnerability/
CVE-2024-6696

medium

4.9

CWE

1220

19/2/2025

20/2/2025

CVE-2024-6696: Hitachi Vantara Pentaho Business Analytics Server - Insufficient Granularity of Access Control

First published: Wed Feb 19 2025(Updated: )

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network.

Credit: security.vulnerabilities@hitachivantara.com

Affected Software	Affected Version	How to fix
Hitachi Vantara Pentaho Business Intelligence Server	<10.2.0.0<9.3.0.9>=8.3.0

Never miss a vulnerability like this again

Reference Links

https://support.pentaho.com/hc/en-us/articles/34296877157517--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Insufficient-Granularity-of-Access-Control-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-6696

Frequently Asked Questions

What is the severity of CVE-2024-6696?
CVE-2024-6696 has been classified with a significant severity due to its potential impact on data protection and system integrity.
How do I fix CVE-2024-6696?
To remediate CVE-2024-6696, ensure you upgrade the Hitachi Vantara Pentaho Business Analytics Server to version 10.2.0.0 or 9.3.0.9, or apply the latest patches.
What does CVE-2024-6696 affect?
CVE-2024-6696 affects specific versions of the Hitachi Vantara Pentaho Business Analytics Server, particularly versions earlier than 10.2.0.0, 9.3.0.9, and 8.3.x.
What kind of risk does CVE-2024-6696 pose?
CVE-2024-6696 poses a risk by allowing untrusted agents to exploit insufficient access controls, potentially leading to unauthorized reads and writes.
Is CVE-2024-6696 a common vulnerability?
While CVE-2024-6696 is specific to certain versions of Hitachi Vantara Pentaho, it reflects a common issue found in many software systems regarding access control granularity.

collector/nvd-api
source/NVD
agent/references
agent/weakness
agent/description
agent/type
agent/author
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/source
agent/first-publish-date
agent/severity
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/hitachi vantara
canonical/hitachi vantara pentaho business intelligence server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.