CVE-2024-37359

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Feb 19, 2025

CWE ID 918

Summary

CVE-2024-37359 is a vulnerability affecting Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. This issue stems from the server's failure to validate the Host header of incoming HTTP/HTTPS requests (CWE-918). Attackers can exploit this flaw by supplying unexpected URLs or ports. By doing so, they may bypass access controls such as firewalls and use the server as a proxy to conduct port scanning, access documents, or employ other protocols like gopher or tftp, potentially gaining unauthorized control over the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wUdNHI
https://www.cve.org/CVERecord?id=CVE-2024-37359
https://nvd.nist.gov/vuln/detail/CVE-2024-37359

Back to Vulnerability Database

CVE-2024-37359

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations