VDB
CISA-2022-43769
CISA-2022-43769
PUBLISHED
CVSS 8.8 HIGH
Reported by HITVAN · Published April 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi Vantara | Pentaho Business Analytics Server | 1.0, 9.4.0.0 |
| Hitachi Vantara | Pentaho Business Analytics Server | 1.0, 9.4.0.0, 1.0 |
Timeline
- Apr 3, 2023 CVE Published
- Oct 21, 2025 CVE Updated