CVE-2024-37361 (CVSS 9.9): Critical Vulnerability in Pentaho Business Analytics Server

Summary: Hitachi Vantara has released a security advisory for a critical vulnerability, CVE-2024-37361, affecting its Pentaho Business Analytics Server, with a CVSS score of 9.9. The vulnerability allows for the deserialization of untrusted JSON data, potentially leading to arbitrary code execution. Users are urged to upgrade to the latest versions or apply interim mitigation measures to secure their systems.

Affected: Hitachi Vantara Pentaho Business Analytics Server

Key points:

  • Vulnerability CVE-2024-37361 allows deserialization of untrusted data, enabling unauthorized actions.
  • Affects versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x.
  • Recommended actions include removing the Pentaho Interactive Reporting plugin and upgrading to the latest versions.
  • Other vulnerabilities patched in updates include CVE-2024-37360 (Cross-site Scripting) and CVE-2024-37363 (Authorization Bypass).
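To triage an inventory against the version boundaries stated above, the following added example (not code from Hitachi Vantara or the source article) classifies each server version as affected or fixed. It assumes that "prior to 10.2.0.0 and 9.3.0.9" means only 9.3.x builds at or above 9.3.0.9 and any build at or above 10.2.0.0 are fixed; the hostnames, the build-suffix format and the inventory are constructed.

```python
import re

# Fixed releases named in the summary above.
FIXED_9_3_LINE = (9, 3, 0, 9)
FIXED_10_LINE = (10, 2, 0, 0)


def parse_version(text):
    """Parse '9.3.0.8' or '10.1.0.0-317' into a 4-tuple of ints; None if unparseable."""
    match = re.match(r"^\s*(\d+(?:\.\d+){1,3})", text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad short versions such as '10.2'
    return tuple(parts)


def classify(text):
    """Return 'fixed', 'affected' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as needing manual review, never as safe
    if version >= FIXED_10_LINE:
        return "fixed"
    # Assumption: the 9.3.0.9 fix applies only to the 9.3.x maintenance line.
    if version[:2] == (9, 3) and version >= FIXED_9_3_LINE:
        return "fixed"
    return "affected"  # includes 8.3.x and every other release below 10.2.0.0


def triage(inventory):
    """Map each host in {host: version_string} to its status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE_INVENTORY = {
    "bi-prod-01": "8.3.0.27",
    "bi-prod-02": "9.3.0.8",
    "bi-prod-03": "9.3.0.9",
    "bi-test-01": "10.1.0.0-317",
    "bi-test-02": "10.2.0.0",
    "bi-lab-01": "unknown-build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:16} {status}")
```

Hosts reported as `affected` or `unknown` are the ones to upgrade or to apply the interim mitigation (removing the Pentaho Interactive Reporting plugin) to first.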

Source: https://securityonline.info/cve-2024-37361-cvss-9-9-critical-vulnerability-in-pentaho-business-analytics-server/