CVE-2022-43941

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Business Analytics Server1.0 < 9.3.0.2affected
Hitachi VantaraPentaho Business Analytics Server9.4.0.0 < 9.4.0.1affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References