Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CVE-2022-43769
Key Information:
- Vendor
Hitachi
- Vendor
- CVE Published:
- 3 April 2023
Badges
What is CVE-2022-43769?
The affected versions of Hitachi Vantara Pentaho Business Analytics Server allow certain web services to accept and set property values that contain Spring templates. These templates, if not properly sanitized, may be interpreted downstream, leading to possible content injection and exploitation scenarios. Attackers could leverage this vulnerability to potentially execute arbitrary code or gain unauthorized access to system resources.
CISA has reported CVE-2022-43769
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-43769 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Pentaho Business Analytics Server 1.0 < 9.3.0.2
Pentaho Business Analytics Server 9.4.0.0 < 9.4.0.1
References
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved