CVE-2022-43769

HIGHCISA KEV

8.8

Beschreibung

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht4/3/2023

Zuletzt geandert10/24/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerHitachi Vantara

ProduktPentaho Business Analytics (BA) Server

SchwachstellennameHitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

KEV Aufnahmedatum2025-03-03

Behebungsfrist2025-03-24

Ransomware-NutzungUnknown

Betroffene Produkte

hitachi:vantara_pentaho_business_analytics_server

Schwachen (CWE)

CWE-74CWE-94

Referenzen

http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html(security.vulnerabilities@hitachivantara.com)

https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-(security.vulnerabilities@hitachivantara.com)

http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-43769(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.