CVE-2022-3960 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

🗓️ 03 Apr 2023 18:48:00Reported by HITVANType

Hitachi Vantara Pentaho Business Analytics Server static code injection issu

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the processing of input data when performing syntactic analysis of code. This allows an attacker to execute arbitrary code.	12 Apr 202300:00	–	bdu_fstec
Circl	CVE-2022-3960	3 Apr 202322:24	–	circl
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 代码注入漏洞	3 Apr 202300:00	–	cnnvd
CVE	CVE-2022-3960	3 Apr 202318:48	–	cve
EUVD	EUVD-2022-43293	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3960	3 Apr 202319:15	–	nvd
OSV	CVE-2022-3960	3 Apr 202319:15	–	osv
Prion	Design/Logic Flaw	3 Apr 202319:15	–	prion
Positive Technologies	PT-2023-2239 · Hitachi Vantara · Pentaho Business Analytics Server	3 Apr 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-3960	23 May 202500:55	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Community Dashboard Editor Plugin"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "9.3.0.2",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "9.4.0.1",
        "status": "affected",
        "version": "9.4.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/14456813547917--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Directives-in-Statically-Saved-Code-Static-Code-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-3960-

03 Apr 2023 18:48Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.3

EPSS0.00562

CWE-96