Design/Logic Flaw

2023-05-2422:15:00

PRIOn knowledge base

www.prio-n.com

hitachi vantara pentaho

business analytics server

json data

logic flaw

security vulnerability

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.

CPENameOperatorVersion
vantara_pentahoge8.3.0.0
vantara_pentahole8.3.0.25
vantara_pentaho_business_analytics_servereq9.4.0.0
vantara_pentaho_business_analytics_serverge9.3.0.0
vantara_pentaho_business_analytics_serverle9.3.0.3

Name	Operator	Version
vantara_pentaho	ge	8.3.0.0
vantara_pentaho	le	8.3.0.25
vantara_pentaho_business_analytics_server	eq	9.4.0.0
vantara_pentaho_business_analytics_server	ge	9.3.0.0
vantara_pentaho_business_analytics_server	le	9.3.0.3

References

support.pentaho.com/hc/en-us/articles/14455879270285-IMPORTANT-Resolved-Pentaho-BA-Server-Deserialization-of-Untrusted-Data-Versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-Impacted-CVE-2022-4815-