Vulnerability CVE-2022-43769

Vulnerability CVE-2022-43769

Published: 2023-04-03

Description:

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Pentaho Business Server Authentication Bypass / SSTI / Code Execution	jheysel-r7	11.05.2023

References:

https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769

Vulnerability CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

See advisories in our WLB2 database:

High

Pentaho Business Server Authentication Bypass / SSTI / Code Execution

References: