VDB

CISA-2022-43769

CISA-2022-43769 PUBLISHED CVSS 8.8 HIGH

Reported by HITVAN · Published April 3, 2023

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

Risk Scores

CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Hitachi VantaraPentaho Business Analytics Server1.0, 9.4.0.0
Hitachi VantaraPentaho Business Analytics Server1.0, 9.4.0.0, 1.0

Timeline

  • Apr 3, 2023 CVE Published
  • Oct 21, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›