CVE-2022-43771

CVSS V2 None CVSS V3 None
Description
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Overview
  • CVE ID
  • CVE-2022-43771
  • Assigner
  • security.vulnerabilities@hitachivantara.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-03T19:15:06
  • Last Modified Date
  • 2023-04-10T19:34:46
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:* 1 OR 9.3.0.1
History
Created Old Value New Value Data Type Notes
2023-04-17 04:03:10 Added to TrackCVE
2023-04-17 04:03:13 Weakness Enumeration new