CVE-2023-1158

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Business Analytics Server1.0 < 9.3.0.3affected
Hitachi VantaraPentaho Business Analytics Server9.4.0.0 < 9.4.0.1affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References