Lucene search

[email protected]NVD:CVE-2022-43771

HistoryApr 03, 2023 - 7:15 p.m.

CVE-2022-43771

2023-04-0319:15:06

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-43771

hitachi vantara

pentaho business analytics

csv import

data access plugin

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.

Affected configurations

Nvd

Node

hitachivantara_pentaho_business_analytics_serverRange<9.3.0.1

VendorProductVersionCPE
hitachivantara_pentaho_business_analytics_server*cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachi	vantara_pentaho_business_analytics_server	*	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server::::::::

References

support.pentaho.com/hc/en-us/articles/14455007818509--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Limitation-of-a-Pathname-to-a-Restricted-Directory-Path-Traversal-Versions-before-9-4-0-0-and-9-3-0-1-including-8-3-x-Impacted-CVE-2022-43771-

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

Related for NVD:CVE-2022-43771

prion1 cvelist1 cve1