Vulnerability CVE-2022-43769


Published: 2023-04-03

Description:
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x, allow certain web services to set property values that contain Spring templates, which are then interpreted downstream.

See advisories in our WLB2 database:
Risk: High
Topic: Pentaho Business Server Authentication Bypass / SSTI / Code Execution
Author: jheysel-r7
Date: 11.05.2023

References:
https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769

Copyright 2024, cxsecurity.com

 
