Lucene search

HITVANCVELIST:CVE-2022-3695

HistoryApr 11, 2023 - 3:45 p.m.

CVE-2022-3695 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation

2023-04-1115:45:03

CWE-79

HITVAN

www.cve.org

hitachi vantara

pentaho

business analytics server

security vulnerability

cde plugin

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.5%

JSON

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Community Dashboard Editor"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "8.3.0.27",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "9.2.0.4",
        "status": "affected",
        "version": "9.0.0.0",
        "versionType": "maven"
      }
    ]
  }
]

References

support.pentaho.com/hc/en-us/articles/14739451011981

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.5%

JSON

Related for CVELIST:CVE-2022-3695