Lucene search
HITVANCVELIST:CVE-2022-4771HistoryApr 03, 2023 - 6:58 p.m.
CVE-2022-4771 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2023-04-0318:58:44
CWE-79
HITVAN
www.cve.org
hitachi vantara
pentaho
business analytics server
security vulnerability
cve-2022-4771
cross-site scripting
session variables
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
27.3%
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.3.0.2",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "9.4.0.1",
"status": "affected",
"version": "9.4.0.0",
"versionType": "maven"
}
]
}
]Related
prion
prion
Code injection
2023-04-03 19:15:00
cve
cve
CVE-2022-4771
2023-04-03 19:15:07
nvd
nvd
CVE-2022-4771
2023-04-03 19:15:07
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
27.3%
Related for CVELIST:CVE-2022-4771