CVE-2022-43769

Summary

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Business Analytics Server1.0 < 9.3.0.2affected
Hitachi VantaraPentaho Business Analytics Server9.4.0.0 < 9.4.0.1affected

Weaknesses

  • CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References