cvelist | HITVAN | CVELIST:CVE-2022-43770
History: Apr 11, 2023 - 3:48 p.m.

CVE-2022-43770 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

2023-04-11 15:48:16
CWE-863
HITVAN
www.cve.org
hitachi vantara
pentaho
business analytics
incorrect authorization
dashboard editor
api

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score: 8.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 40.1%)

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Dashboard Editor Plugin"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "8.3.0.27",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "9.2.0.4",
        "status": "affected",
        "version": "9.0.0.0",
        "versionType": "maven"
      }
    ]
  }
]
