CVE-2022-3695

CVSS V2 None CVSS V3 None
Description
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.   
Overview
  • CVE ID
  • CVE-2022-3695
  • Assigner
  • security.vulnerabilities@hitachivantara.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-11T16:15:07
  • Last Modified Date
  • 2023-04-20T20:46:03
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:hitachivantara:pentaho_business_analytics:*:*:*:*:*:*:*:* 1 OR 8.3.0.27
cpe:2.3:a:hitachivantara:pentaho_business_analytics:*:*:*:*:*:*:*:* 1 OR 9.2.0.0 9.2.0.4
References
History
Created Old Value New Value Data Type Notes
2023-04-17 04:30:47 Added to TrackCVE
2023-04-17 04:30:49 Weakness Enumeration new
2023-04-17 17:00:44 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-20 21:00:50 2023-04-20T20:46:03 CVE Modified Date updated
2023-04-20 21:00:50 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-20 21:00:53 CPE Information updated