CVE-2022-43940

🗓️ 03 Apr 2023 18:25:33Reported by HITVANType

Hitachi Vantara Pentaho Business Analytics Server authorization check bypas

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2022-43940	3 Apr 202322:25	–	circl
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 安全漏洞	3 Apr 202300:00	–	cnnvd
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 代码问题漏洞	3 Apr 202300:00	–	cnnvd
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 代码注入漏洞	3 Apr 202300:00	–	cnnvd
Cvelist	CVE-2022-43940 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization	3 Apr 202318:25	–	cvelist
EUVD	EUVD-2022-43293	3 Oct 202520:07	–	euvd
EUVD	EUVD-2022-46910	3 Oct 202520:07	–	euvd
EUVD	EUVD-2022-46911	3 Oct 202520:07	–	euvd
NVD	CVE-2022-43940	3 Apr 202319:15	–	nvd
OSV	CVE-2022-3960	3 Apr 202319:15	–	osv

NVD

Node

hitachi vantara_pentaho_business_analytics_serverRange<9.3.0.2

hitachi vantara_pentaho_business_analytics_serverMatch9.4.0.0

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Data Access Plugin"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara ",
    "versions": [
      {
        "lessThan": "9.3.0.2",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "9.4.0.1",
        "status": "affected",
        "version": "9.4.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BA-Server-Incorrect-Authorization-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-

21 Nov 2024 07:27Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.00374

SSVC

CWE-863