CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery

🗓️ 19 Feb 2025 22:58:57Reported by HITVANType

Vulnerability in Hitachi Vantara Pentaho allows server-side request forgery via unchecked URLs.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the insufficient validation of requests at the server-side. This allows attackers to bypass security restrictions and disclose sensitive information.	28 Feb 202500:00	–	bdu_fstec
Circl	CVE-2024-37359	20 Feb 202501:48	–	circl
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 代码问题漏洞	19 Feb 202500:00	–	cnnvd
CVE	CVE-2024-37359	19 Feb 202522:58	–	cve
EUVD	EUVD-2025-4645	3 Oct 202520:07	–	euvd
NVD	CVE-2024-37359	19 Feb 202523:15	–	nvd
Positive Technologies	PT-2025-7409 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server	19 Feb 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-37359	21 Feb 202523:21	–	redhatcve
Vulnrichment	CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery	19 Feb 202522:58	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Pentaho Data Integration & Analytics",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "10.2.0.0",
        "status": "affected",
        "version": "10.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "9.3.0.9",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/34296789835917--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Server-Side-Request-Forgery-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-37359

19 Feb 2025 22:58Current

CVSS 3.18.6

EPSS0.00044

CWE-918