Lucene search

[email protected]NVD:CVE-2022-3960

HistoryApr 03, 2023 - 7:15 p.m.

CVE-2022-3960

2023-04-0319:15:06

CWE-96

CWE-94

[email protected]

web.nvd.nist.gov

hitachi vantara

pentaho

business analytics

server

scripting

vulnerability

community dashboard editor

cde

plugin

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

28.5%

JSON

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.

Affected configurations

Nvd

Node

hitachivantara_pentaho_business_analytics_serverRange<9.3.0.2

hitachivantara_pentaho_business_analytics_serverMatch9.4.0.0

VendorProductVersionCPE
hitachivantara_pentaho_business_analytics_server*cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
hitachivantara_pentaho_business_analytics_server9.4.0.0cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachi	vantara_pentaho_business_analytics_server	*	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server::::::::
hitachi	vantara_pentaho_business_analytics_server	9.4.0.0	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:::::::*

References

support.pentaho.com/hc/en-us/articles/14456813547917--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Directives-in-Statically-Saved-Code-Static-Code-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-3960-