VDB
CVE-2022-43939
PUBLISHED
KEV
CVSS 8.6 HIGH
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, contain security restrictions that can be circumvented using non-canonical URLs (the authorization check is applied to the URL path before it is canonicalized).
EPSS 93.25% · 99.8th percentile
Risk Scores
CVSS v3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS Score
93.25%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | 0, 9.4.0.0 |
| Hitachi Vantara | Pentaho Business Analytics Server | 9.4.0.0, 1.0 |
Timeline
- Aug 12, 2021 CrowdSec Sighting
- Mar 9, 2023 CrowdSec Sighting
- Apr 3, 2023 CVE Published
- Apr 4, 2023 EPSS Score
- Apr 5, 2023 PoC Published
- Apr 5, 2023 CrowdSec Sighting
- May 11, 2023 PoC Published
- Aug 10, 2023 CrowdSec Sighting
- Nov 8, 2024 PoC Published
- Nov 13, 2024 PoC Published
References
- https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- (url)
- http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html (url)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-43939 (url)
- https://nvd.nist.gov/vuln/detail/CVE-2022-43939 (advisory)